ge-aerospace/powershell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
62c0c7bb06fa5cf497b782979b9a329ef58afcd1
powershell-scripts/PRODUCTION_URL_UPDATE.md
cproudlock 62c0c7bb06 Initial commit: Organized PowerShell scripts for ShopDB asset collection 
Structure:
- asset-collection/: Local PC data collection scripts
- remote-execution/: WinRM remote execution scripts
- setup-utilities/: Configuration and testing utilities
- registry-backup/: GE registry backup scripts
- winrm-https/: WinRM HTTPS certificate setup
- docs/: Complete documentation

Each folder includes a README with detailed documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-10 10:57:54 -05:00

10 KiB
Raw Blame History

PowerShell Scripts - Production URL Configuration

Date: 2025-11-21 Status: Updated for Production Target Server: https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp

Changes Made

Files Updated

  1. Update-PC-CompleteAsset-Silent.bat

  2. Update-PC-CompleteAsset.ps1

Deployment Instructions

Step 1: Copy Files to Client PCs

Source Location (Linux Dev):

/home/camp/projects/powershell/

Target Location (Windows PCs):

C:\Apps\PowerShell\

Files to Deploy:

Update-PC-CompleteAsset.ps1
Update-PC-CompleteAsset-Silent.bat
Get-ShopfloorConfig.ps1
Backup-GERegistry.ps1
applications.csv

Step 2: Deployment Methods

Option A: Group Policy (Recommended)

GPO Startup Script:

@echo off
REM Copy PowerShell scripts from network share to local PC
xcopy /Y /E "\\fileserver\shares\IT\PowerShell\*.*" "C:\Apps\PowerShell\"

GPO Path:

Computer Configuration
  → Policies
    → Windows Settings
      → Scripts (Startup/Shutdown)
        → Startup
          → Add: deploy-powershell-scripts.bat

Option B: Manual Copy via Network Share

REM On each PC (or via remote execution)
xcopy /Y /E "\\tsgwp00525\IT\PowerShell\*.*" "C:\Apps\PowerShell\"

Option C: PowerShell Remoting (Bulk Deployment)

# Run from admin workstation
$PCs = Get-Content "C:\PCList.txt"

foreach ($PC in $PCs) {
    Write-Host "Deploying to $PC..."

    # Create directory if doesn't exist
    Invoke-Command -ComputerName $PC -ScriptBlock {
        New-Item -Path "C:\Apps\PowerShell" -ItemType Directory -Force
    }

    # Copy files
    Copy-Item -Path "\\source\PowerShell\*" -Destination "\\$PC\C$\Apps\PowerShell\" -Recurse -Force

    Write-Host "  [OK] Deployed to $PC" -ForegroundColor Green
}

Step 3: Create Scheduled Task

Task Configuration:

Name: Update PC Asset Data
Description: Daily collection of PC hardware and software inventory
Trigger: Daily at 6:00 AM
Action: C:\Apps\PowerShell\Update-PC-CompleteAsset-Silent.bat
Run as: SYSTEM
Run with highest privileges: Yes

GPO Scheduled Task:

Computer Configuration
  → Preferences
    → Control Panel Settings
      → Scheduled Tasks
        → New → Scheduled Task (Windows 7+)

Settings:

  • Name: Update PC Asset Data
  • Program: C:\Apps\PowerShell\Update-PC-CompleteAsset-Silent.bat
  • Trigger: Daily, 6:00 AM
  • Random delay: 0-10 minutes (built into script)
  • Run whether user logged on or not: Yes
  • Run with highest privileges: Yes

Step 4: Test on Sample PCs

Test on 3 different PC types:

  1. Standard PC (Office):
# Run manually
cd C:\Apps\PowerShell
.\Update-PC-CompleteAsset.ps1

Expected:

  1. Shopfloor PC (LTSC):
cd C:\Apps\PowerShell
.\Update-PC-CompleteAsset.ps1

Expected:

  • Detects PC type: Shopfloor
  • Collects system info + network interfaces + DNC config
  • Sends to production API
  • Success message
  1. Engineer PC (Has C:\Apps + V: drive):
cd C:\Apps\PowerShell
.\Update-PC-CompleteAsset.ps1

Expected:

  • Detects PC type: Engineer
  • Collects system info
  • Sends to production API
  • Success message

Step 5: Verify in Database

-- Check recent PC updates (last 24 hours)
SELECT
    hostname,
    machinetypeid,
    serialnumber,
    lastupdated
FROM machines
WHERE pctypeid IS NOT NULL
  AND lastupdated >= DATE_SUB(NOW(), INTERVAL 24 HOUR)
ORDER BY lastupdated DESC;

Step 6: Monitor Logs

Check API logs on server:

https://tsgwp00525.rd.ds.ge.com/shopdb/logs/api-2025-11-21.log

Check PowerShell logs on network share:

S:\dt\cameron\scan\logs\CompleteAsset-[HOSTNAME]-[TIMESTAMP].log

Fallback location (if network share unavailable):

C:\Apps\PowerShell\Logs\CompleteAsset-[HOSTNAME]-[TIMESTAMP].log

URL Configuration Details

Production URL

Full URL:

https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp

Server: tsgwp00525.rd.ds.ge.com Protocol: HTTPS (secure) Path: /shopdb/api.asp Port: 443 (default HTTPS)

Network Requirements

Firewall Rules:

  • Allow outbound HTTPS (port 443) from all client PCs
  • Destination: tsgwp00525.rd.ds.ge.com
  • Protocol: TCP/443

DNS Resolution:

  • tsgwp00525.rd.ds.ge.com must resolve from client PCs
  • Test: nslookup tsgwp00525.rd.ds.ge.com

Certificate:

  • Server must have valid SSL certificate
  • Client PCs must trust certificate authority
  • If using self-signed cert, may need to add to trusted root CAs

Network Share Access:

  • All client PCs must have read/write access to S:\dt\cameron\scan\logs
  • Share permissions: DOMAIN\Domain Computers (Modify)
  • NTFS permissions: DOMAIN\Domain Computers (Modify)
  • If network share unavailable, script will fallback to local C:\Apps\PowerShell\Logs\

URL Priority (Auto-Discovery)

If parameter not provided, script tries URLs in this order:

  1. https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp (PRODUCTION)
  2. http://192.168.122.151:8080/api.asp (DEV)
  3. http://localhost:8080/api.asp (Local test)
  4. (other fallbacks...)

Rollback Instructions

If production deployment fails, revert to DEV URLs:

Update-PC-CompleteAsset-Silent.bat:

Line 27: echo Dashboard: http://192.168.122.151:8080/api.asp >> "%logfile%" 2>&1
Line 60: -DashboardURL "http://192.168.122.151:8080/api.asp"

Update-PC-CompleteAsset.ps1:

Line 26: [string]$DashboardURL = "http://192.168.122.151:8080/api.asp",
Line 70: First candidate = "http://192.168.122.151:8080/api.asp"
Line 98: $defaultUrl = "http://192.168.122.151:8080/api.asp"

Verification Checklist

Before production rollout:

  • Verify network share exists: S:\dt\cameron\scan\logs
  • Test network share write permissions from client PC
  • Test script on Standard PC
  • Test script on Shopfloor PC
  • Test script on Engineer PC
  • Verify logs written to S:\dt\cameron\scan\logs
  • Verify data appears in database
  • Check API logs on server
  • Test scheduled task execution
  • Confirm HTTPS certificate valid
  • Verify firewall allows outbound HTTPS
  • Test DNS resolution of tsgwp00525.rd.ds.ge.com
  • Deploy to pilot group (5-10 PCs)
  • Monitor for 1 week (check network share logs)
  • Deploy to all PCs via GPO

Troubleshooting

Issue: Cannot reach dashboard

Symptom:

[FAIL] Cannot reach: The remote name could not be resolved

Causes:

  1. DNS not resolving tsgwp00525.rd.ds.ge.com
  2. Firewall blocking port 443
  3. Server offline

Fix:

# Test DNS
nslookup tsgwp00525.rd.ds.ge.com

# Test HTTPS connectivity
Test-NetConnection -ComputerName tsgwp00525.rd.ds.ge.com -Port 443

# Test API endpoint
Invoke-RestMethod -Uri "https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp?action=getDashboardData"

Issue: SSL certificate error

Symptom:

The underlying connection was closed: Could not establish trust relationship

Cause: Self-signed or untrusted certificate

Fix:

# Temporary bypass (testing only)
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

# Permanent fix: Install certificate to Trusted Root
Import-Certificate -FilePath "server-cert.crt" -CertStoreLocation Cert:\LocalMachine\Root

Issue: 401 Unauthorized

Symptom:

The remote server returned an error: (401) Unauthorized

Cause: Server requires authentication

Fix:

  • Check IIS authentication settings
  • Ensure Anonymous Authentication enabled for api.asp
  • Or add credentials to script

Issue: 500 Internal Server Error

Symptom:

The remote server returned an error: (500) Internal Server Error

Cause: API error on server side

Fix:

  • Check server logs: C:\inetpub\wwwroot\shopdb\logs\api-YYYY-MM-DD.log
  • Check IIS logs: C:\inetpub\logs\LogFiles\
  • Verify database connectivity from server
  • Check ASP error details (disable friendly errors)

Issue: Network log directory not accessible

Symptom:

WARNING: Network log directory S:\dt\cameron\scan\logs not accessible, using local Logs directory

Cause: Network share not accessible or permissions issue

Fix:

# Test network share access
Test-Path "S:\dt\cameron\scan\logs"

# Verify drive mapping
Get-PSDrive S

# Test write permissions
New-Item -Path "S:\dt\cameron\scan\logs\test.txt" -ItemType File -Value "test" -Force
Remove-Item "S:\dt\cameron\scan\logs\test.txt"

Permission Requirements:

  • Share: \\fileserver\share mapped to S: drive
  • Share Permissions: Domain Computers (Read/Write)
  • NTFS Permissions: Domain Computers (Modify)
  • Ensure folder exists: S:\dt\cameron\scan\logs

Production Readiness Status

Scripts Updated: Both .bat and .ps1 files configured for production URL Documentation: Complete deployment guide created Testing Plan: 3-tier testing (Standard, Shopfloor, Engineer) Monitoring: API logs and PowerShell logs configured Rollback Plan: DEV URL reversion documented

Ready for Deployment: YES

Recommended Timeline:

  1. Day 1-2: Test on 3 PCs (one of each type)
  2. Day 3-7: Deploy to pilot group (10 PCs)
  3. Day 8-14: Monitor pilot group
  4. Day 15+: Full deployment via GPO to all PCs

Contact

For deployment issues:

  • Check this documentation
  • Review PowerShell logs on client PC
  • Review API logs on server
  • Contact: IT Asset Management Team

File Locations:

  • Dev: /home/camp/projects/powershell/
  • Production Scripts: C:\Apps\PowerShell\ (on PCs)
  • Production Logs: S:\dt\cameron\scan\logs\ (network share)
  • Server: https://tsgwp00525.rd.ds.ge.com/shopdb/

Document Version: 1.0 Last Updated: 2025-11-21 Status: Production Ready

Reference in New Issue View Git Blame Copy Permalink