Structure:
- asset-collection/: Local PC data collection scripts
- remote-execution/: WinRM remote execution scripts
- setup-utilities/: Configuration and testing utilities
- registry-backup/: GE registry backup scripts
- winrm-https/: WinRM HTTPS certificate setup
- docs/: Complete documentation

Each folder includes a README with detailed documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
154 lines
5.2 KiB
Plaintext
================================================================================
START HERE - WinRM HTTPS Certificate Authority Setup
================================================================================

Location: /tmp/winrm-ca-scripts/

All files have been created and are ready to use!

================================================================================
COPY THESE FILES TO YOUR WINDOWS COMPUTER
================================================================================

Copy ALL files in /tmp/winrm-ca-scripts/ to:
    C:\users\570005354\Downloads\winrm-ca-scripts\

Files to copy:
    1. Create-CA-Simple.ps1        - Creates Certificate Authority
    2. Sign-BulkCertificates.ps1   - Signs 175 PC certificates
    3. Test-RemotePC-Debug.ps1     - Debug script for remote PCs
    4. Test-RemotePC-Debug.bat     - Batch wrapper for debug script
    5. shopfloor-hostnames.txt     - List of 175 PC hostnames
    6. README.txt                  - Full instructions
    7. START-HERE.txt              - This file

================================================================================
STEP-BY-STEP INSTRUCTIONS
================================================================================

STEP 1: Copy Files to Windows
------------------------------
From Linux terminal:

    # If you have direct access to Windows filesystem:
    cp -r /tmp/winrm-ca-scripts /mnt/c/users/570005354/Downloads/

    # OR use WinSCP, scp, or any file transfer method


STEP 2: Create Certificate Authority
-------------------------------------
On Windows, in PowerShell as Administrator:

    cd C:\users\570005354\Downloads\winrm-ca-scripts
    .\Create-CA-Simple.ps1

Enter password when prompted: ShopfloorCA2025!

This creates:
    - Shopfloor-WinRM-CA-YYYYMMDD.pfx (CA private key)
    - Shopfloor-WinRM-CA-YYYYMMDD.cer (CA public cert)


STEP 3: Install CA on Your Computer
------------------------------------
Still in PowerShell as Administrator:

    Import-Certificate -FilePath "Shopfloor-WinRM-CA-YYYYMMDD.cer" `
        -CertStoreLocation Cert:\LocalMachine\Root

Replace YYYYMMDD with the actual date from Step 2.


STEP 4: Sign All 175 PC Certificates
-------------------------------------
Still in PowerShell as Administrator:

    $caPass = ConvertTo-SecureString "ShopfloorCA2025!" -AsPlainText -Force
    $certPass = ConvertTo-SecureString "PCCert2025!" -AsPlainText -Force

    .\Sign-BulkCertificates.ps1 `
        -HostnameFile "shopfloor-hostnames.txt" `
        -CAPfxPath "Shopfloor-WinRM-CA-YYYYMMDD.pfx" `
        -CAPassword $caPass `
        -CertificatePassword $certPass

This creates pc-certificates/batch-TIMESTAMP/ folder with 175 certificates.
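
A variant of Step 4 that prompts for both passwords so they are never typed on the command line, then checks that every hostname in the list received a certificate. This is an added example, not one of the scripts in this folder; it assumes it is run from the winrm-ca-scripts folder and that output files are named HOSTNAME-*.pfx, as the copy command in Step 5 implies.

```powershell
# Added example: Step 4 with prompted passwords plus a completeness check.
# Assumption: signed files are named HOSTNAME-*.pfx inside pc-certificates\batch-*\.
$caPass   = Read-Host -AsSecureString -Prompt 'CA PFX password (from Step 2)'
$certPass = Read-Host -AsSecureString -Prompt 'Password for the PC certificates'

# Use the newest CA file from Step 2 instead of typing the date by hand
$caPfx = Get-ChildItem .\Shopfloor-WinRM-CA-*.pfx |
    Sort-Object LastWriteTime | Select-Object -Last 1
if (-not $caPfx) { throw 'No Shopfloor-WinRM-CA-*.pfx found; run Step 2 first.' }

.\Sign-BulkCertificates.ps1 `
    -HostnameFile "shopfloor-hostnames.txt" `
    -CAPfxPath $caPfx.FullName `
    -CAPassword $caPass `
    -CertificatePassword $certPass

# Locate the batch folder that was just written
$batch = Get-ChildItem .\pc-certificates -Directory -Filter 'batch-*' |
    Sort-Object LastWriteTime | Select-Object -Last 1
if (-not $batch) { throw 'No pc-certificates\batch-* folder was created.' }

# Every non-empty line of the hostname file should have a matching PFX
$hostnames = Get-Content .\shopfloor-hostnames.txt |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }
$missing = $hostnames | Where-Object {
    -not (Get-ChildItem -Path $batch.FullName -Filter "$($_)-*.pfx")
}

'{0} hostnames, {1} without a certificate in {2}' -f `
    @($hostnames).Count, @($missing).Count, $batch.Name
$missing
```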


STEP 5: Test on ONE PC First
-----------------------------
Deploy to G9KN7PZ3ESF for testing:

A. Copy certificate to PC:
    Copy-Item "pc-certificates\batch-*\G9KN7PZ3ESF-*.pfx" `
        -Destination "\\G9KN7PZ3ESF\C$\Temp\"

B. On G9KN7PZ3ESF, import certificate:
    $certPass = ConvertTo-SecureString "PCCert2025!" -AsPlainText -Force
    # Import-PfxCertificate does not expand wildcards, so resolve the file name first
    $pfx = Get-ChildItem "C:\Temp\G9KN7PZ3ESF-*.pfx" | Select-Object -First 1
    $cert = Import-PfxCertificate `
        -FilePath $pfx.FullName `
        -CertStoreLocation Cert:\LocalMachine\My `
        -Password $certPass

C. Configure WinRM (if Setup-WinRM-HTTPS.ps1 is available):
    .\Setup-WinRM-HTTPS.ps1 -CertificateThumbprint $cert.Thumbprint -Domain "logon.ds.ge.com"


STEP 6: Test Connection
------------------------
From YOUR computer:

    Test-WSMan -ComputerName g9kn7pz3esf.logon.ds.ge.com -UseSSL -Port 5986

    $cred = Get-Credential
    Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com `
        -Credential $cred -UseSSL -Port 5986

SUCCESS! No -SessionOption needed!


STEP 7: Deploy to Remaining PCs
--------------------------------
Repeat Step 5 for each of the remaining 174 PCs.

Or create an automated deployment script (ask for help if needed).
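
Once Step 7 is done, the Step 6 check can be run against the whole list to confirm that each PC presents a certificate that chains to the new CA and matches its hostname. This is an added example, not one of the scripts in this folder; it assumes shopfloor-hostnames.txt lists one short hostname per line, that the PCs use the logon.ds.ge.com suffix from Step 5C, and that it runs on the computer where the CA was installed in Step 3.

```powershell
# Added example: report the WinRM HTTPS certificate state of every listed PC.
# Assumptions: one short hostname per line; domain suffix as used in Step 5C.
$Domain = 'logon.ds.ge.com'

function Test-WinRMCertificate {
    param([string]$Fqdn, [int]$Port = 5986, [int]$TimeoutMs = 3000)

    $result = [ordered]@{
        Host = $Fqdn; Reachable = $false; PolicyErrors = $null
        Issuer = $null; Thumbprint = $null; NotAfter = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Time-limited connect so powered-off PCs do not stall the run
        if (-not $client.ConnectAsync($Fqdn, $Port).Wait($TimeoutMs)) {
            return [pscustomobject]$result
        }
        $result.Reachable = $true
        # Record the validation result instead of aborting the handshake, so the
        # report says what is wrong (untrusted chain, name mismatch, ...)
        $state = @{}
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($s, $certificate, $chain, $errors)
            $state.Errors = $errors
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Fqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.PolicyErrors = "$($state.Errors)"
        $result.Issuer       = $cert.Issuer
        $result.Thumbprint   = $cert.Thumbprint
        $result.NotAfter     = $cert.NotAfter
    } catch {
        $result.PolicyErrors = "Error: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

$report = Get-Content .\shopfloor-hostnames.txt | Where-Object { $_.Trim() } |
    ForEach-Object { Test-WinRMCertificate -Fqdn "$($_.Trim()).$Domain" }

# 'None' means the chain is trusted and the name matches: no -SessionOption needed
$report | Where-Object { $_.PolicyErrors -ne 'None' } | Format-Table -AutoSize
$report | Export-Csv .\winrm-cert-report.csv -NoTypeInformation
```

PCs that are unreachable or still show RemoteCertificateChainErrors or RemoteCertificateNameMismatch are the ones to run Test-RemotePC-Debug.bat on.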

================================================================================
TROUBLESHOOTING
================================================================================

If Remote PC Has Issues:
    1. Copy Test-RemotePC-Debug.bat and Test-RemotePC-Debug.ps1 to the PC
    2. Right-click Test-RemotePC-Debug.bat and "Run as Administrator"
    3. Review the output to see what's wrong

Common Issues:
    - Port 5986 not listening → WinRM listener not configured
    - Certificate not found → Certificate not imported
    - Firewall blocking → Firewall rule missing

================================================================================
WHAT YOU GET
================================================================================

BEFORE (Wildcard with bypasses):
    $sessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck
    Enter-PSSession -ComputerName PC -Credential $cred -UseSSL -SessionOption $sessionOption
    ⚠️ Certificate warnings, security bypasses

AFTER (CA with proper certs):
    Enter-PSSession -ComputerName PC -Credential $cred -UseSSL -Port 5986
    ✅ Clean, secure, no warnings!

================================================================================
NEED HELP?
================================================================================

Read README.txt for full instructions.

All scripts are ready to use - just copy to Windows and run!

================================================================================