7c30939234
- Add Invoke-RemoteMaintenance.ps1: Remote maintenance tasks (DISM, SFC, disk cleanup, etc.) - Add DNC/, dncfix/, edncfix/: DNC configuration utilities - Add onguard/: OnGuard integration scripts - Add tools/: Additional utility scripts - Update remote-execution/README.md with maintenance toolkit docs 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remote Execution Scripts
Scripts for remotely executing asset collection on multiple shopfloor PCs via WinRM.
Quick Start
Run-RemoteCollection.bat
Or run PowerShell directly:
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt"
Batch Launchers (Entry Points)
| Batch File | Purpose |
|---|---|
Run-RemoteCollection.bat |
Main launcher for remote collection |
PowerShell Scripts
Invoke-RemoteMaintenance.ps1
Remote maintenance toolkit - Execute maintenance tasks on shopfloor PCs via WinRM.
Available Tasks:
| Category | Task | Description |
|---|---|---|
| Repair | DISM |
Run DISM /Online /Cleanup-Image /RestoreHealth |
SFC |
Run SFC /scannow (System File Checker) | |
| Optimization | OptimizeDisk |
TRIM for SSD, Defrag for HDD |
DiskCleanup |
Windows Disk Cleanup (temp files, updates) | |
ClearUpdateCache |
Clear Windows Update cache (fixes stuck updates) | |
ClearBrowserCache |
Clear Chrome/Edge cache files | |
| Services | RestartSpooler |
Restart Print Spooler service |
FlushDNS |
Clear DNS resolver cache | |
RestartWinRM |
Restart WinRM service | |
| Time/Date | SetTimezone |
Set timezone to Eastern Standard Time |
SyncTime |
Force time sync with domain controller |
Usage:
# Run DISM on a single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "G1ZTNCX3ESF" -Task DISM
# Optimize disks on multiple PCs
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01","PC02" -Task OptimizeDisk
# Run disk cleanup on all shopfloor PCs
.\Invoke-RemoteMaintenance.ps1 -All -Task DiskCleanup
# Clear Windows Update cache (fixes stuck updates)
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task ClearUpdateCache
Parameters:
| Parameter | Default | Description |
|---|---|---|
-ComputerName |
- | Single or multiple computer names/IPs |
-ComputerListFile |
- | Path to text file with computer list |
-All |
- | Target all shopfloor PCs from ShopDB |
-Task |
(required) | Maintenance task to execute |
-Credential |
(prompts) | PSCredential for authentication |
-ThrottleLimit |
5 |
Maximum concurrent sessions |
Notes:
- DISM and SFC tasks can take 10-30 minutes per PC
- OptimizeDisk automatically detects SSD vs HDD
- ClearUpdateCache stops Windows Update service, clears cache, restarts service
Invoke-RemoteAssetCollection.ps1
Remote collection via WinRM HTTP - Execute asset collection on multiple PCs using WinRM over HTTP (port 5985).
What it does:
- Establishes WinRM connections to target PCs
- Executes
Update-PC-CompleteAsset.ps1remotely - Collects and logs results from each PC
- Supports parallel execution for efficiency
Usage:
# From file with prompted credentials
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt"
# Specific computers with stored credentials
$cred = Get-Credential
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001","PC002") -Credential $cred
# Test connections only
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001") -TestConnections
Parameters:
| Parameter | Default | Description |
|---|---|---|
-ComputerList |
- | Array of computer names/IPs |
-ComputerListFile |
- | Path to text file with computer list |
-Credential |
- | PSCredential for authentication |
-MaxConcurrent |
5 |
Maximum parallel sessions |
-TestConnections |
$false |
Test connectivity only |
-ScriptPath |
C:\Scripts\Update-PC-CompleteAsset.ps1 |
Path to script on remote PCs |
Prerequisites:
- WinRM enabled on target PCs (
Enable-PSRemoting -Force) - Admin credentials for remote PCs
- Port 5985 (HTTP) open in firewall
Invoke-RemoteAssetCollection-HTTPS.ps1
Secure remote collection via WinRM HTTPS - Same as above but uses encrypted HTTPS connections (port 5986).
What it does:
- Uses HTTPS/TLS encryption for secure communication
- Supports wildcard certificates for domain-wide deployment
- Automatic FQDN construction from hostnames
Usage:
# With domain suffix
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @("PC001","PC002") -Domain "logon.ds.ge.com"
# From file
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameListFile ".\hostnames.txt" -Domain "logon.ds.ge.com"
# Test HTTPS connections
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @("PC001") -Domain "logon.ds.ge.com" -TestConnections
Parameters:
| Parameter | Default | Description |
|---|---|---|
-HostnameList |
- | Array of hostnames (without domain) |
-HostnameListFile |
- | Path to text file with hostnames |
-Domain |
- | Domain suffix (e.g., "logon.ds.ge.com") |
-Port |
5986 |
HTTPS port |
-SkipCertificateCheck |
$false |
Skip SSL validation |
Prerequisites:
- WinRM HTTPS configured on targets (see
winrm-https/folder) - Valid SSL certificates installed
- Port 5986 open in firewall
Update-ShopfloorPCs-Remote.ps1
Query and update all shopfloor PCs - Queries ShopDB for PC list and updates them remotely.
What it does:
- Queries ShopDB API for list of all shopfloor PCs
- Establishes WinRM connections to each PC
- Collects system info remotely and POSTs to API
- Logs success/failure for each PC
Usage:
# Update all shopfloor PCs from ShopDB database
.\Update-ShopfloorPCs-Remote.ps1 -All
# Update specific PCs
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "PC001","PC002"
# Setup WinRM trusted hosts first
.\Update-ShopfloorPCs-Remote.ps1 -SetupTrustedHosts
Parameters:
| Parameter | Default | Description |
|---|---|---|
-ComputerName |
- | Specific PC(s) to update |
-All |
$false |
Update all shopfloor PCs from ShopDB |
-SetupTrustedHosts |
$false |
Configure WinRM trusted hosts |
-Credential |
- | PSCredential for authentication |
-ApiUrl |
Production URL | ShopDB API URL |
Batch File Launchers
| File | Purpose |
|---|---|
Run-RemoteCollection.bat |
Launcher for remote collection script |
Requirements
- PowerShell 5.1 or later
- Administrator privileges (required)
- WinRM enabled on management server and target PCs
- Network access to target PCs (ports 5985 or 5986)
- Admin credentials for target PCs
Architecture
┌──────────────────────────────────────────────────────────────┐
│ Management Server │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Update-ShopfloorPCs-Remote.ps1 - Data collection │ │
│ │ Invoke-RemoteMaintenance.ps1 - Maintenance tasks │ │
│ │ Invoke-RemoteAssetCollection.ps1 - General execution │ │
│ └────────────────────────┬───────────────────────────────┘ │
└───────────────────────────┼──────────────────────────────────┘
│ WinRM (5985/5986)
▼
┌──────────────────────────────────────────────────────────────┐
│ Shopfloor PCs │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Data Collection: │ │
│ │ - System info, network, DNC config, installed apps │ │
│ │ │ │
│ │ Maintenance Tasks: │ │
│ │ - DISM, SFC, Disk Cleanup, Optimize Disk │ │
│ │ - Restart Spooler, Flush DNS, Clear Caches │ │
│ └────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────┘
│
▼ HTTPS POST
┌──────────────────────────────────────────────────────────────┐
│ ShopDB API │
│ api.asp -> MySQL (machines, communications, dncconfig) │
└──────────────────────────────────────────────────────────────┘
WinRM Setup
On Management Server:
Enable-PSRemoting -Force
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force
On Target PCs:
Enable-PSRemoting -Force
Set-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)" -Enabled True
For HTTPS setup, see the winrm-https/ folder documentation.