powershell-scripts/docs/DEPLOYMENT_GUIDE.md
cproudlock 62c0c7bb06 Initial commit: Organized PowerShell scripts for ShopDB asset collection
Structure:
- asset-collection/: Local PC data collection scripts
- remote-execution/: WinRM remote execution scripts
- setup-utilities/: Configuration and testing utilities
- registry-backup/: GE registry backup scripts
- winrm-https/: WinRM HTTPS certificate setup
- docs/: Complete documentation

Each folder includes a README with detailed documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-10 10:57:54 -05:00


# Deployment Guide
## Deployment Overview
The GE Manufacturing Asset Management Scripts support multiple deployment strategies for enterprise manufacturing environments, from single-PC execution to large-scale automated rollouts across hundreds of manufacturing systems.
## Prerequisites
### System Requirements
- **Operating System**: Windows 10/11, Windows Server 2016+
- **PowerShell**: Version 5.1 or later
- **Execution Policy**: RemoteSigned or Unrestricted
- **Network Access**: HTTP connectivity to dashboard API
- **Permissions**: Administrator rights recommended
### Environment Preparation
```powershell
# Check PowerShell version
$PSVersionTable.PSVersion
# Check execution policy
Get-ExecutionPolicy
# Set execution policy (if needed)
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
```
## Deployment Methods
### Method 1: Single PC Deployment
#### Quick Start (Recommended)
```batch
REM 1. Initial setup (run once)
00-RUN-ME-FIRST.bat
REM 2. Execute data collection
Update-PC-CompleteAsset.bat
```
#### Manual PowerShell Execution
```powershell
# Navigate to script directory
cd C:\Path\To\Scripts
# Unblock scripts (security)
Unblock-File .\*.ps1
# Execute main script
.\Update-PC-CompleteAsset.ps1
```
#### Silent Execution (Scheduled Tasks)
```batch
REM For automated/scheduled execution
Update-PC-CompleteAsset-Silent.bat
```
---
### Method 2: Multiple PC Deployment
#### Computer List Configuration
Edit `computers.txt` with target systems:
```
# Hostnames
H123EXAMPLE
G456MACHINE
SHOPFLOOR-PC-01
# IP Addresses
192.168.1.100
192.168.1.101
# Fully Qualified Domain Names
machine01.manufacturing.local
cnc-cell-02.shop.local
```
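Because every line of `computers.txt` ends up as a remote-execution target, it is worth validating the list before deployment. The following is an added example, not code from this repository: the function name `Get-DeploymentTarget`, its output shape and the sample file are assumptions. It skips comments and blank lines and rejects anything that is not a well-formed hostname, FQDN or IPv4 address.

```powershell
# Added example (not from the repository). Reads computers.txt in the format
# shown above and returns only entries that are a well-formed hostname, FQDN
# or IPv4 address. Function name and output shape are assumptions.
function Get-DeploymentTarget {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $Path)

    # One DNS label: letters, digits, hyphens; must not start or end with a hyphen
    $label       = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    $namePattern = "^$label(\.$label)*$"
    $quadPattern = '^\d{1,3}(\.\d{1,3}){3}$'

    $lineNumber = 0
    foreach ($raw in Get-Content -LiteralPath $Path) {
        $lineNumber++
        $entry = $raw.Trim()
        if ($entry -eq '' -or $entry.StartsWith('#')) { continue }  # blank line or comment

        $kind = $null
        if ($entry -match $quadPattern) {
            # Looks like a dotted quad: every octet must be in range
            $octets = $entry.Split('.') | ForEach-Object { [int]$_ }
            if (-not ($octets | Where-Object { $_ -gt 255 })) { $kind = 'IPv4' }
        }
        elseif ($entry.Length -le 253 -and $entry -match $namePattern) {
            $kind = if ($entry.Contains('.')) { 'FQDN' } else { 'Hostname' }
        }

        if ($kind) {
            [pscustomobject]@{ Target = $entry; Kind = $kind; Line = $lineNumber }
        }
        else {
            Write-Warning "computers.txt line ${lineNumber}: rejected entry '$entry'"
        }
    }
}

# Constructed sample input, including two entries that must be rejected
$sample = Join-Path $env:TEMP 'computers-sample.txt'
@('# Hostnames', 'H123EXAMPLE', 'SHOPFLOOR-PC-01', '192.168.1.100',
  '192.168.1.300', 'machine01.manufacturing.local', 'bad host;name') |
    Set-Content -LiteralPath $sample

Get-DeploymentTarget -Path $sample | Format-Table -AutoSize
```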
#### Enhanced Batch Deployment
```batch
REM Execute on multiple systems
Deploy-To-Multiple-PCs-Enhanced.bat
```
**Features**:
- Parallel execution for faster deployment
- Individual system success/failure tracking
- Comprehensive logging and reporting
- Network connectivity pre-checks
#### PsExec Remote Deployment
```batch
REM Enterprise remote execution
Deploy-With-PsExec.bat
```
**Requirements**:
- PsExec.exe in system PATH or script directory
- Administrative credentials for target systems
- SMB/RPC connectivity to target machines
---
### Method 3: Enterprise Integration
#### Group Policy Deployment
1. **Copy Scripts**: Place in network share accessible to all target computers
2. **Create GPO**: New Group Policy Object for computer configuration
3. **Add Startup Script**: Computer Configuration → Policies → Windows Settings → Scripts → Startup
4. **Configure Path**: Point to network share location of `Update-PC-CompleteAsset.bat`
5. **Apply to OUs**: Link GPO to appropriate Organizational Units
#### SCCM/ConfigMgr Integration
```
# Package creation parameters (ConfigMgr console fields, not PowerShell)
Package Name: GE Manufacturing Asset Collection
Program Command Line: Update-PC-CompleteAsset-Silent.bat
Run Mode: Run with administrative rights
Assignment: Required, recurring daily
```
#### Tanium Integration
```sql
-- Illustrative pseudocode only (not literal Tanium syntax): locate the package
SELECT * FROM Packages WHERE Name LIKE '%Asset Collection%'
-- Illustrative pseudocode only: deploy the package to manufacturing systems
DEPLOY Package="GE Asset Collection" TO ComputerGroup="Manufacturing Floor"
```
## Configuration Management
### Dashboard URL Configuration
#### Method 1: Environment Variable
```powershell
# Set user environment variable
[Environment]::SetEnvironmentVariable("ASSET_DASHBOARD_URL", "http://your-server/api.php", "User")
# Set system environment variable (requires admin)
[Environment]::SetEnvironmentVariable("ASSET_DASHBOARD_URL", "http://your-server/api.php", "Machine")
```
#### Method 2: Configuration File
Create `dashboard-config.json`:
```json
{
  "DashboardURL": "http://your-server/dashboard-v2/api.php",
  "Description": "Production Dashboard API Endpoint",
  "LastUpdated": "2025-09-06"
}
```
#### Method 3: Command Line Parameter
```powershell
.\Update-PC-CompleteAsset.ps1 -DashboardURL "http://your-server/api.php"
```
### Advanced Configuration Options
#### Skip Warranty Lookups (Default)
```powershell
.\Update-PC-CompleteAsset.ps1 -SkipWarranty
```
#### Test Connections Only
```powershell
.\Update-PC-CompleteAsset.ps1 -TestConnections
```
#### Custom Proxy Server
```powershell
.\Update-PC-CompleteAsset.ps1 -ProxyURL "http://your-proxy/vendor-api-proxy.php"
```
## Scheduling and Automation
### Windows Task Scheduler
#### Create Scheduled Task
```xml
<?xml version="1.0" encoding="UTF-16"?>
<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2025-01-01T06:00:00</StartBoundary>
      <ScheduleByDay>
        <DaysInterval>1</DaysInterval>
      </ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
  </Settings>
  <Actions>
    <Exec>
      <Command>C:\Scripts\Update-PC-CompleteAsset-Silent.bat</Command>
      <WorkingDirectory>C:\Scripts</WorkingDirectory>
    </Exec>
  </Actions>
</Task>
```
#### PowerShell Scheduled Task Creation
```powershell
$action = New-ScheduledTaskAction -Execute "C:\Scripts\Update-PC-CompleteAsset-Silent.bat" -WorkingDirectory "C:\Scripts"
$trigger = New-ScheduledTaskTrigger -Daily -At 6:00AM
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest
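# -MultipleInstances accepts only Parallel, Queue and IgnoreNew, so set
# StopExisting (value 3) on the settings object directly
$settings = New-ScheduledTaskSettingsSet
$settings.CimInstanceProperties.Item('MultipleInstances').Value = 3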
Register-ScheduledTask -TaskName "GE Asset Collection" -Action $action -Trigger $trigger -Principal $principal -Settings $settings
```
### Startup Script Integration
```batch
REM Add to computer startup scripts
REM Computer Configuration → Policies → Windows Settings → Scripts → Startup
@echo off
timeout 60 >nul 2>&1
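REM cmd.exe cannot use a UNC path as the current directory; pushd maps a temporary drive letter
pushd "\\server\share\AssetScripts"
call Update-PC-CompleteAsset-Silent.bat
popd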
```
## Network Considerations
### Firewall Configuration
```powershell
# Required outbound ports:
#   HTTP:  TCP 80  (Dashboard API communication)
#   HTTPS: TCP 443 (Secure dashboard API communication)
#   DNS:   UDP 53  (Name resolution)
# Windows Firewall rule creation (outbound rules match on the remote port)
New-NetFirewallRule -DisplayName "Asset Collection HTTP" -Direction Outbound -Protocol TCP -RemotePort 80 -Action Allow
New-NetFirewallRule -DisplayName "Asset Collection HTTPS" -Direction Outbound -Protocol TCP -RemotePort 443 -Action Allow
```
### Proxy Server Configuration
If a corporate proxy is required:
```powershell
# System proxy configuration
netsh winhttp set proxy proxy.corporate.com:8080
# PowerShell proxy configuration
$proxy = New-Object System.Net.WebProxy("http://proxy.corporate.com:8080")
[System.Net.WebRequest]::DefaultWebProxy = $proxy
```
## Monitoring and Logging
### Execution Logging
Scripts provide comprehensive console output with color-coded status:
- 🟢 **Green**: Successful operations
- 🟡 **Yellow**: Warnings and informational messages
- 🔴 **Red**: Errors and failures
- **Gray**: Detailed debugging information
### Log File Creation
```powershell
# Redirect output to log file (*>&1 merges all output streams, including Write-Host, into the pipeline)
.\Update-PC-CompleteAsset.ps1 *>&1 | Tee-Object -FilePath "C:\Logs\AssetCollection-$(Get-Date -Format 'yyyyMMdd-HHmmss').log"
```
### Centralized Monitoring
Dashboard provides centralized view of:
- Asset collection success/failure rates
- Last update timestamps per system
- Missing or outdated inventory data
- Manufacturing configuration changes
## Troubleshooting Deployment Issues
### Common Issues and Solutions
#### PowerShell Execution Policy
```powershell
# Error: Execution of scripts is disabled on this system
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
# Verify change
Get-ExecutionPolicy -List
```
#### Network Connectivity
```powershell
# Test dashboard connectivity
Test-NetConnection -ComputerName "10.48.130.197" -Port 80
# Test name resolution
Resolve-DnsName "dashboard.manufacturing.local"
# Manual connection test (run from the script directory)
.\Update-PC-CompleteAsset.ps1 -TestConnections
```
#### Permission Issues
```powershell
# Check current user permissions
whoami /priv
# Run as administrator:
# Right-click PowerShell and choose "Run as administrator"
# Service account configuration
# Configure service account with:
# - Log on as a service right
# - Local administrator membership
# - Network access permissions
```
#### Registry Access Issues
```powershell
# Check registry permissions
# HKLM:\SOFTWARE\GE Aircraft Engines (Read access required)
# HKLM:\SOFTWARE\WOW6432Node\GE Aircraft Engines (Read access required)
# Error: Access denied reading registry
# Solution: Run with administrator privileges or adjust registry permissions
```
### Deployment Validation
#### Success Verification
```powershell
# Check dashboard API for recent data
Invoke-RestMethod -Uri "http://dashboard/api.php?action=getDashboardData" -Method Get
# Verify database entries
# Check pc table for recent lastupdated timestamps
# Check pc_dnc_config table for manufacturing data
```
#### Performance Monitoring
```powershell
# Measure execution time
Measure-Command { .\Update-PC-CompleteAsset.ps1 }
# Typical execution times:
# Standard PC: 15-30 seconds
# Shopfloor PC: 45-90 seconds
# Engineer PC: 20-40 seconds
```
## Best Practices
### Deployment Staging
1. **Pilot Group**: Deploy to 5-10 test systems first
2. **Validation**: Verify data collection and dashboard integration
3. **Gradual Rollout**: Deploy to 25% of systems, monitor, then expand
4. **Full Deployment**: Complete rollout after successful validation
### Maintenance Windows
- **Manufacturing Systems**: Deploy during scheduled maintenance windows
- **Engineering Systems**: Deploy during off-hours or lunch breaks
- **Standard Systems**: Deploy during normal business hours
### Change Management
- **Documentation**: Maintain deployment logs and configuration changes
- **Version Control**: Track script versions and configuration updates
- **Rollback Planning**: Prepare rollback procedures for problematic deployments
### Security Considerations
- **Script Integrity**: Use digital signatures for script validation
- **Network Security**: Encrypt API communications where possible
- **Access Control**: Limit script modification to authorized personnel
- **Credential Management**: Never store credentials in scripts
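The `RemoteSigned` policy from the prerequisites does not require a signature on scripts already on local disk, and `Unblock-File` removes the downloaded-file mark, so script integrity has to be checked explicitly. The following is an added example, not code from this repository: the function name `Test-DeploymentScriptIntegrity`, the `C:\Scripts` path and the thumbprint placeholder are assumptions. It shows a pre-flight gate that runs the collection script only if every `.ps1` carries a valid Authenticode signature from the expected certificate.

```powershell
# Added example (not from the repository). Refuses to run the deployment if any
# script is unsigned, was modified after signing, or was signed by an unexpected
# certificate. Paths and the thumbprint are placeholders.
function Test-DeploymentScriptIntegrity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ScriptRoot,
        [Parameter(Mandatory)] [string] $TrustedThumbprint
    )

    $failures = @()
    foreach ($file in Get-ChildItem -Path $ScriptRoot -Filter '*.ps1' -File -Recurse) {
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName

        if ($sig.Status -ne 'Valid') {
            # NotSigned, HashMismatch (file changed after signing), NotTrusted, ...
            $failures += [pscustomobject]@{ File = $file.FullName; Reason = "Status: $($sig.Status)" }
        }
        elseif ($sig.SignerCertificate.Thumbprint -ne $TrustedThumbprint) {
            # Signature is valid but not from the certificate this deployment expects
            $failures += [pscustomobject]@{ File = $file.FullName; Reason = 'Unexpected signer' }
        }
    }
    return $failures
}

$failures = Test-DeploymentScriptIntegrity -ScriptRoot 'C:\Scripts' `
                                           -TrustedThumbprint '<SIGNING-CERT-THUMBPRINT>'
if ($failures) {
    $failures | Format-Table -AutoSize
    throw "Integrity check failed for $(@($failures).Count) script(s); aborting deployment."
}

# Every script verified: run the collection
& 'C:\Scripts\Update-PC-CompleteAsset.ps1'
```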
---
**Deployment guide designed for reliable, scalable, and secure rollout across enterprise manufacturing environments.**