ge-aerospace/powershell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7c3093923448d7fc76812f2e48c80061ac1a4523
powershell-scripts/remote-execution/README.md
cproudlock 7c30939234 Add maintenance toolkit, DNC/OnGuard utilities 
- Add Invoke-RemoteMaintenance.ps1: Remote maintenance tasks (DISM, SFC, disk cleanup, etc.)
- Add DNC/, dncfix/, edncfix/: DNC configuration utilities
- Add onguard/: OnGuard integration scripts
- Add tools/: Additional utility scripts
- Update remote-execution/README.md with maintenance toolkit docs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-30 13:08:08 -05:00

249 lines
9.7 KiB
Markdown
Raw Blame History

# Remote Execution Scripts
Scripts for remotely executing asset collection on multiple shopfloor PCs via WinRM.
## Quick Start
```batch
Run-RemoteCollection.bat
```
Or run PowerShell directly:
```powershell
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt"
```
---
## Batch Launchers (Entry Points)
| Batch File | Purpose |
|------------|---------|
| `Run-RemoteCollection.bat` | Main launcher for remote collection |
---
## PowerShell Scripts
### Invoke-RemoteMaintenance.ps1
**Remote maintenance toolkit** - Execute maintenance tasks on shopfloor PCs via WinRM.
**Available Tasks:**
| Category | Task | Description |
|----------|------|-------------|
| **Repair** | `DISM` | Run DISM /Online /Cleanup-Image /RestoreHealth |
| | `SFC` | Run SFC /scannow (System File Checker) |
| **Optimization** | `OptimizeDisk` | TRIM for SSD, Defrag for HDD |
| | `DiskCleanup` | Windows Disk Cleanup (temp files, updates) |
| | `ClearUpdateCache` | Clear Windows Update cache (fixes stuck updates) |
| | `ClearBrowserCache` | Clear Chrome/Edge cache files |
| **Services** | `RestartSpooler` | Restart Print Spooler service |
| | `FlushDNS` | Clear DNS resolver cache |
| | `RestartWinRM` | Restart WinRM service |
| **Time/Date** | `SetTimezone` | Set timezone to Eastern Standard Time |
| | `SyncTime` | Force time sync with domain controller |
**Usage:**
```powershell
# Run DISM on a single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "G1ZTNCX3ESF" -Task DISM
# Optimize disks on multiple PCs
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01","PC02" -Task OptimizeDisk
# Run disk cleanup on all shopfloor PCs
.\Invoke-RemoteMaintenance.ps1 -All -Task DiskCleanup
# Clear Windows Update cache (fixes stuck updates)
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task ClearUpdateCache
```
**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-ComputerName` | - | Single or multiple computer names/IPs |
| `-ComputerListFile` | - | Path to text file with computer list |
| `-All` | - | Target all shopfloor PCs from ShopDB |
| `-Task` | (required) | Maintenance task to execute |
| `-Credential` | (prompts) | PSCredential for authentication |
| `-ThrottleLimit` | `5` | Maximum concurrent sessions |
**Notes:**
- DISM and SFC tasks can take 10-30 minutes per PC
- OptimizeDisk automatically detects SSD vs HDD
- ClearUpdateCache stops Windows Update service, clears cache, restarts service
---
### Invoke-RemoteAssetCollection.ps1
**Remote collection via WinRM HTTP** - Execute asset collection on multiple PCs using WinRM over HTTP (port 5985).
**What it does:**
1. Establishes WinRM connections to target PCs
2. Executes `Update-PC-CompleteAsset.ps1` remotely
3. Collects and logs results from each PC
4. Supports parallel execution for efficiency
**Usage:**
```powershell
# From file with prompted credentials
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt"
# Specific computers with stored credentials
$cred = Get-Credential
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001","PC002") -Credential $cred
# Test connections only
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001") -TestConnections
```
**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-ComputerList` | - | Array of computer names/IPs |
| `-ComputerListFile` | - | Path to text file with computer list |
| `-Credential` | - | PSCredential for authentication |
| `-MaxConcurrent` | `5` | Maximum parallel sessions |
| `-TestConnections` | `$false` | Test connectivity only |
| `-ScriptPath` | `C:\Scripts\Update-PC-CompleteAsset.ps1` | Path to script on remote PCs |
**Prerequisites:**
- WinRM enabled on target PCs (`Enable-PSRemoting -Force`)
- Admin credentials for remote PCs
- Port 5985 (HTTP) open in firewall
---
### Invoke-RemoteAssetCollection-HTTPS.ps1
**Secure remote collection via WinRM HTTPS** - Same as above but uses encrypted HTTPS connections (port 5986).
**What it does:**
- Uses HTTPS/TLS encryption for secure communication
- Supports wildcard certificates for domain-wide deployment
- Automatic FQDN construction from hostnames
**Usage:**
```powershell
# With domain suffix
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @("PC001","PC002") -Domain "logon.ds.ge.com"
# From file
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameListFile ".\hostnames.txt" -Domain "logon.ds.ge.com"
# Test HTTPS connections
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @("PC001") -Domain "logon.ds.ge.com" -TestConnections
```
**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-HostnameList` | - | Array of hostnames (without domain) |
| `-HostnameListFile` | - | Path to text file with hostnames |
| `-Domain` | - | Domain suffix (e.g., "logon.ds.ge.com") |
| `-Port` | `5986` | HTTPS port |
| `-SkipCertificateCheck` | `$false` | Skip SSL validation |
**Prerequisites:**
- WinRM HTTPS configured on targets (see `winrm-https/` folder)
- Valid SSL certificates installed
- Port 5986 open in firewall
---
### Update-ShopfloorPCs-Remote.ps1
**Query and update all shopfloor PCs** - Queries ShopDB for PC list and updates them remotely.
**What it does:**
1. Queries ShopDB API for list of all shopfloor PCs
2. Establishes WinRM connections to each PC
3. Collects system info remotely and POSTs to API
4. Logs success/failure for each PC
**Usage:**
```powershell
# Update all shopfloor PCs from ShopDB database
.\Update-ShopfloorPCs-Remote.ps1 -All
# Update specific PCs
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "PC001","PC002"
# Setup WinRM trusted hosts first
.\Update-ShopfloorPCs-Remote.ps1 -SetupTrustedHosts
```
**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-ComputerName` | - | Specific PC(s) to update |
| `-All` | `$false` | Update all shopfloor PCs from ShopDB |
| `-SetupTrustedHosts` | `$false` | Configure WinRM trusted hosts |
| `-Credential` | - | PSCredential for authentication |
| `-ApiUrl` | Production URL | ShopDB API URL |
---
## Batch File Launchers
| File | Purpose |
|------|---------|
| `Run-RemoteCollection.bat` | Launcher for remote collection script |
---
## Requirements
- PowerShell 5.1 or later
- **Administrator privileges** (required)
- WinRM enabled on management server and target PCs
- Network access to target PCs (ports 5985 or 5986)
- Admin credentials for target PCs
## Architecture
```
┌──────────────────────────────────────────────────────────────┐
│ Management Server │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Update-ShopfloorPCs-Remote.ps1 - Data collection │ │
│ │ Invoke-RemoteMaintenance.ps1 - Maintenance tasks │ │
│ │ Invoke-RemoteAssetCollection.ps1 - General execution │ │
│ └────────────────────────┬───────────────────────────────┘ │
└───────────────────────────┼──────────────────────────────────┘
│ WinRM (5985/5986)
┌──────────────────────────────────────────────────────────────┐
│ Shopfloor PCs │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Data Collection: │ │
│ │ - System info, network, DNC config, installed apps │ │
│ │ │ │
│ │ Maintenance Tasks: │ │
│ │ - DISM, SFC, Disk Cleanup, Optimize Disk │ │
│ │ - Restart Spooler, Flush DNS, Clear Caches │ │
│ └────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────┘
▼ HTTPS POST
┌──────────────────────────────────────────────────────────────┐
│ ShopDB API │
│ api.asp -> MySQL (machines, communications, dncconfig) │
└──────────────────────────────────────────────────────────────┘
```
## WinRM Setup
### On Management Server:
```powershell
Enable-PSRemoting -Force
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force
```
### On Target PCs:
```powershell
Enable-PSRemoting -Force
Set-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)" -Enabled True
```
For HTTPS setup, see the `winrm-https/` folder documentation.
Reference in New Issue View Git Blame Copy Permalink