62c0c7bb06
Structure: - asset-collection/: Local PC data collection scripts - remote-execution/: WinRM remote execution scripts - setup-utilities/: Configuration and testing utilities - registry-backup/: GE registry backup scripts - winrm-https/: WinRM HTTPS certificate setup - docs/: Complete documentation Each folder includes a README with detailed documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
279 lines
9.5 KiB
PowerShell
279 lines
9.5 KiB
PowerShell
#Requires -RunAsAdministrator
|
|
<#
|
|
.SYNOPSIS
|
|
Complete test workflow for WinRM HTTPS setup on a single device.
|
|
|
|
.DESCRIPTION
|
|
This script guides you through testing the WinRM HTTPS setup:
|
|
1. Generate wildcard certificate (if needed)
|
|
2. Set up WinRM HTTPS on local machine
|
|
3. Test connection
|
|
4. Verify functionality
|
|
|
|
.PARAMETER Domain
|
|
Domain for the wildcard certificate (default: logon.ds.ge.com).
|
|
|
|
.PARAMETER CertPassword
|
|
Password for the certificate PFX file.
|
|
|
|
.PARAMETER SkipCertGeneration
|
|
Skip certificate generation if you already have one.
|
|
|
|
.PARAMETER ExistingCertPath
|
|
Path to existing PFX certificate file.
|
|
|
|
.EXAMPLE
|
|
.\Test-WinRM-HTTPS-Setup.ps1
|
|
|
|
.EXAMPLE
|
|
$pass = ConvertTo-SecureString "Password123!" -AsPlainText -Force
|
|
.\Test-WinRM-HTTPS-Setup.ps1 -CertPassword $pass
|
|
|
|
.NOTES
|
|
Author: System Administrator
|
|
Date: 2025-10-17
|
|
Version: 1.0
|
|
#>
|
|
|
|
param(
|
|
[Parameter(Mandatory=$false)]
|
|
[string]$Domain = "logon.ds.ge.com",
|
|
|
|
[Parameter(Mandatory=$false)]
|
|
[SecureString]$CertPassword,
|
|
|
|
[Parameter(Mandatory=$false)]
|
|
[switch]$SkipCertGeneration,
|
|
|
|
[Parameter(Mandatory=$false)]
|
|
[string]$ExistingCertPath
|
|
)
|
|
|
|
function Write-Step {
|
|
param([int]$Number, [string]$Description)
|
|
Write-Host "`n========================================" -ForegroundColor Cyan
|
|
Write-Host "STEP $Number: $Description" -ForegroundColor Cyan
|
|
Write-Host "========================================" -ForegroundColor Cyan
|
|
}
|
|
|
|
function Write-Info {
|
|
param([string]$Message)
|
|
Write-Host $Message -ForegroundColor White
|
|
}
|
|
|
|
function Write-Success {
|
|
param([string]$Message)
|
|
Write-Host "[OK] $Message" -ForegroundColor Green
|
|
}
|
|
|
|
function Write-Error {
|
|
param([string]$Message)
|
|
Write-Host "[ERROR] $Message" -ForegroundColor Red
|
|
}
|
|
|
|
function Write-Warning {
|
|
param([string]$Message)
|
|
Write-Host "[WARN] $Message" -ForegroundColor Yellow
|
|
}
|
|
|
|
# Main execution
|
|
try {
|
|
Write-Host "`n╔════════════════════════════════════════╗" -ForegroundColor Cyan
|
|
Write-Host "║ WinRM HTTPS Test Setup Wizard ║" -ForegroundColor Cyan
|
|
Write-Host "╚════════════════════════════════════════╝" -ForegroundColor Cyan
|
|
Write-Host "Date: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')" -ForegroundColor Gray
|
|
Write-Host ""
|
|
|
|
# Get computer info
|
|
$hostname = $env:COMPUTERNAME
|
|
$fqdn = "$hostname.$Domain".ToLower()
|
|
|
|
Write-Info "Current computer: $hostname"
|
|
Write-Info "Target FQDN: $fqdn"
|
|
Write-Info "Domain: $Domain"
|
|
|
|
# Get password if not provided
|
|
if (-not $CertPassword) {
|
|
Write-Host "`nEnter password for certificate PFX file:" -ForegroundColor Yellow
|
|
$CertPassword = Read-Host "Password" -AsSecureString
|
|
}
|
|
|
|
# Step 1: Generate or locate certificate
|
|
$certPath = $ExistingCertPath
|
|
|
|
if (-not $SkipCertGeneration -and -not $ExistingCertPath) {
|
|
Write-Step 1 "Generate Wildcard Certificate"
|
|
|
|
Write-Info "Generating self-signed wildcard certificate for *.$Domain..."
|
|
|
|
if (Test-Path ".\Generate-WildcardCert.ps1") {
|
|
& ".\Generate-WildcardCert.ps1" -Domain $Domain -Password $CertPassword -ExportPath "."
|
|
|
|
# Find the generated certificate
|
|
$certPath = Get-ChildItem -Path "." -Filter "wildcard-*.pfx" |
|
|
Sort-Object LastWriteTime -Descending |
|
|
Select-Object -First 1 -ExpandProperty FullName
|
|
|
|
if ($certPath) {
|
|
Write-Success "Certificate generated: $certPath"
|
|
}
|
|
else {
|
|
throw "Certificate generation failed - PFX file not found"
|
|
}
|
|
}
|
|
else {
|
|
throw "Generate-WildcardCert.ps1 not found in current directory"
|
|
}
|
|
}
|
|
elseif ($ExistingCertPath) {
|
|
Write-Step 1 "Using Existing Certificate"
|
|
Write-Info "Certificate path: $ExistingCertPath"
|
|
|
|
if (-not (Test-Path $ExistingCertPath)) {
|
|
throw "Certificate file not found: $ExistingCertPath"
|
|
}
|
|
Write-Success "Certificate file found"
|
|
}
|
|
else {
|
|
Write-Step 1 "Certificate Generation Skipped"
|
|
Write-Warning "Using existing certificate from machine store"
|
|
}
|
|
|
|
# Step 2: Set up WinRM HTTPS
|
|
Write-Step 2 "Configure WinRM HTTPS"
|
|
|
|
Write-Info "Setting up WinRM HTTPS listener..."
|
|
|
|
if (Test-Path ".\Setup-WinRM-HTTPS.ps1") {
|
|
$setupParams = @{
|
|
Domain = $Domain
|
|
}
|
|
|
|
if ($certPath) {
|
|
$setupParams.CertificatePath = $certPath
|
|
$setupParams.CertificatePassword = $CertPassword
|
|
}
|
|
|
|
& ".\Setup-WinRM-HTTPS.ps1" @setupParams
|
|
|
|
Write-Success "WinRM HTTPS setup completed"
|
|
}
|
|
else {
|
|
throw "Setup-WinRM-HTTPS.ps1 not found in current directory"
|
|
}
|
|
|
|
# Step 3: Verify WinRM Configuration
|
|
Write-Step 3 "Verify WinRM Configuration"
|
|
|
|
Write-Info "Checking WinRM service..."
|
|
$winrmService = Get-Service WinRM
|
|
if ($winrmService.Status -eq 'Running') {
|
|
Write-Success "WinRM service is running"
|
|
}
|
|
else {
|
|
Write-Error "WinRM service is not running"
|
|
}
|
|
|
|
Write-Info "`nChecking HTTPS listener..."
|
|
$httpsListener = winrm enumerate winrm/config/listener | Select-String "Transport = HTTPS" -Context 0,10
|
|
|
|
if ($httpsListener) {
|
|
Write-Success "HTTPS listener configured"
|
|
Write-Host "`nListener details:" -ForegroundColor Gray
|
|
$httpsListener | ForEach-Object { Write-Host $_.Line -ForegroundColor Gray }
|
|
}
|
|
else {
|
|
Write-Error "HTTPS listener not found"
|
|
}
|
|
|
|
# Step 4: Test Local Connection
|
|
Write-Step 4 "Test Local HTTPS Connection"
|
|
|
|
Write-Info "Testing WinRM HTTPS on localhost..."
|
|
try {
|
|
$testResult = Test-WSMan -ComputerName localhost -UseSSL -Port 5986 -ErrorAction Stop
|
|
Write-Success "Local HTTPS connection successful"
|
|
Write-Host "`nTest-WSMan Output:" -ForegroundColor Gray
|
|
$testResult | Format-List | Out-String | Write-Host -ForegroundColor Gray
|
|
}
|
|
catch {
|
|
Write-Warning "Local HTTPS test failed: $($_.Exception.Message)"
|
|
Write-Info "This is normal for localhost testing"
|
|
}
|
|
|
|
# Step 5: Test Remote Connection (if applicable)
|
|
Write-Step 5 "Test Remote HTTPS Connection"
|
|
|
|
Write-Info "Testing WinRM HTTPS using FQDN: $fqdn..."
|
|
try {
|
|
# First check if DNS resolves
|
|
try {
|
|
$resolved = Resolve-DnsName $fqdn -ErrorAction Stop
|
|
Write-Success "DNS resolution successful: $($resolved[0].IPAddress)"
|
|
}
|
|
catch {
|
|
Write-Warning "DNS resolution failed for $fqdn"
|
|
Write-Info "You may need to add a DNS entry or use hosts file"
|
|
}
|
|
|
|
# Test HTTPS connection
|
|
$sessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck
|
|
$testSession = New-PSSession -ComputerName $fqdn -UseSSL -Port 5986 -SessionOption $sessionOption -ErrorAction Stop
|
|
|
|
Write-Success "Remote HTTPS connection successful!"
|
|
|
|
# Get remote computer info
|
|
$remoteInfo = Invoke-Command -Session $testSession -ScriptBlock {
|
|
@{
|
|
ComputerName = $env:COMPUTERNAME
|
|
OSVersion = (Get-CimInstance Win32_OperatingSystem).Caption
|
|
PowerShellVersion = $PSVersionTable.PSVersion.ToString()
|
|
}
|
|
}
|
|
|
|
Write-Host "`nRemote Computer Info:" -ForegroundColor Cyan
|
|
Write-Host " Computer Name: $($remoteInfo.ComputerName)" -ForegroundColor White
|
|
Write-Host " OS: $($remoteInfo.OSVersion)" -ForegroundColor White
|
|
Write-Host " PowerShell: $($remoteInfo.PowerShellVersion)" -ForegroundColor White
|
|
|
|
Remove-PSSession $testSession
|
|
}
|
|
catch {
|
|
Write-Warning "Remote HTTPS connection test: $($_.Exception.Message)"
|
|
Write-Info "This is expected if DNS is not configured for $fqdn"
|
|
}
|
|
|
|
# Step 6: Summary and Next Steps
|
|
Write-Step 6 "Summary and Next Steps"
|
|
|
|
Write-Success "WinRM HTTPS test setup completed successfully!"
|
|
|
|
Write-Host "`nConfiguration Summary:" -ForegroundColor Cyan
|
|
Write-Host " Hostname: $hostname" -ForegroundColor White
|
|
Write-Host " FQDN: $fqdn" -ForegroundColor White
|
|
Write-Host " HTTPS Port: 5986" -ForegroundColor White
|
|
if ($certPath) {
|
|
Write-Host " Certificate: $certPath" -ForegroundColor White
|
|
}
|
|
|
|
Write-Host "`nNext Steps:" -ForegroundColor Yellow
|
|
Write-Host "1. Configure DNS to resolve $fqdn to this machine's IP" -ForegroundColor White
|
|
Write-Host "2. Deploy the same certificate to other shopfloor PCs" -ForegroundColor White
|
|
Write-Host "3. Run Setup-WinRM-HTTPS.ps1 on each PC" -ForegroundColor White
|
|
Write-Host "4. Test collection with:" -ForegroundColor White
|
|
Write-Host " .\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @('$hostname') -Domain '$Domain'" -ForegroundColor Gray
|
|
|
|
Write-Host "`nFor production deployment:" -ForegroundColor Yellow
|
|
Write-Host "- Obtain a certificate from a trusted CA" -ForegroundColor White
|
|
Write-Host "- Configure proper DNS entries for all shopfloor PCs" -ForegroundColor White
|
|
Write-Host "- Use the shopfloor-hostnames.txt file for batch deployment" -ForegroundColor White
|
|
|
|
Write-Host "`n✅ Test setup complete!" -ForegroundColor Green
|
|
|
|
} catch {
|
|
Write-Host "`n❌ Test setup failed: $($_.Exception.Message)" -ForegroundColor Red
|
|
Write-Host "`nStack Trace:" -ForegroundColor Gray
|
|
Write-Host $_.ScriptStackTrace -ForegroundColor Gray
|
|
exit 1
|
|
}
|