ge-aerospace/powershell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7d3519f613c6ba5a1a7f8920f0108345b3bd021f
powershell-scripts/WINRM_REMOTE_COLLECTION.md
cproudlock 62c0c7bb06 Initial commit: Organized PowerShell scripts for ShopDB asset collection 
Structure:
- asset-collection/: Local PC data collection scripts
- remote-execution/: WinRM remote execution scripts
- setup-utilities/: Configuration and testing utilities
- registry-backup/: GE registry backup scripts
- winrm-https/: WinRM HTTPS certificate setup
- docs/: Complete documentation

Each folder includes a README with detailed documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-10 10:57:54 -05:00

198 lines
6.0 KiB
Markdown
Raw Blame History

# WinRM Remote Asset Collection
This system allows centralized asset data collection from multiple shopfloor PCs using PowerShell remoting (WinRM).
## Overview
The remote collection system consists of:
1. **Invoke-RemoteAssetCollection.ps1** - Main script that orchestrates remote execution
2. **Setup-WinRM.ps1** - Helper script to configure WinRM on management server
3. **Run-RemoteCollection.bat** - Batch file for easy execution
4. **shopfloor-pcs-example.txt** - Example computer list file
## Prerequisites
### Management Server (where you run the remote collection)
- Windows with PowerShell 5.1 or later
- Administrator privileges
- Network connectivity to target computers
- Update-PC-CompleteAsset.ps1 script
### Target Computers (shopfloor PCs)
- Windows with PowerShell 5.1 or later
- WinRM enabled and configured
- Update-PC-CompleteAsset.ps1 script installed locally
- Administrator account for remote access
## Setup Instructions
### 1. Configure Management Server
Run as Administrator:
```powershell
# Set up WinRM to trust all shopfloor computers
.\Setup-WinRM.ps1 -TrustedHosts "*"
# OR set up specific trusted hosts (more secure)
.\Setup-WinRM.ps1 -TrustedHosts "10.48.130.100,10.48.130.101,10.48.130.102"
```
### 2. Configure Target Computers
On each shopfloor PC, run as Administrator:
```powershell
# Enable PowerShell remoting
Enable-PSRemoting -Force
# Configure firewall
Set-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)" -Enabled True
# Optional: Run the setup script
.\Setup-WinRM.ps1
```
### 3. Deploy Asset Collection Script
Ensure `Update-PC-CompleteAsset.ps1` and `Get-ShopfloorConfig.ps1` are present on each target computer at:
- `C:\Scripts\Update-PC-CompleteAsset.ps1` (default path)
- `C:\Scripts\Get-ShopfloorConfig.ps1`
Or specify a different path using the `-ScriptPath` parameter.
### 4. Create Computer List
Copy `shopfloor-pcs-example.txt` to `shopfloor-pcs.txt` and edit with your actual computer IP addresses:
```
# Production computers
10.48.130.100
10.48.130.101
10.48.130.102
# Quality control
10.48.130.110
10.48.130.111
```
## Usage Examples
### Test Connections
```powershell
# Test specific computers
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("10.48.130.100", "10.48.130.101") -TestConnections
# Test from file
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -TestConnections
```
### Collect Asset Data
```powershell
# Collect from specific computers
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("10.48.130.100", "10.48.130.101")
# Collect from computer list file
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt"
# Use stored credentials
$cred = Get-Credential
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -Credential $cred
# Custom script path
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("10.48.130.100") -ScriptPath "D:\Scripts\Update-PC-CompleteAsset.ps1"
```
### Batch File Execution
Simply double-click `Run-RemoteCollection.bat` for easy execution with default settings.
## Parameters
### Invoke-RemoteAssetCollection.ps1 Parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| ComputerList | Array of computer names/IPs | `@()` |
| ComputerListFile | Path to text file with computer list | - |
| Credential | PSCredential for remote authentication | (prompts) |
| MaxConcurrent | Max concurrent remote sessions | `5` |
| ProxyURL | Warranty proxy server URL | `http://10.48.130.158/vendor-api-proxy.php` |
| DashboardURL | Dashboard API URL | `http://10.48.130.197/dashboard-v2/api.php` |
| SkipWarranty | Skip warranty lookups | `$true` |
| LogPath | Log file path | `.\logs\remote-collection.log` |
| TestConnections | Test connections only | `$false` |
| ScriptPath | Path to script on remote computers | `C:\Scripts\Update-PC-CompleteAsset.ps1` |
## Troubleshooting
### Common Issues
1. **"Access is denied" errors**
- Ensure you're running as Administrator
- Check that credentials have admin rights on target computers
- Verify WinRM is enabled on target computers
2. **"WinRM cannot complete the operation" errors**
- Check trusted hosts configuration: `Get-Item WSMan:\localhost\Client\TrustedHosts`
- Verify network connectivity to target computers
- Check Windows Firewall settings on target computers
3. **"Script not found" errors**
- Ensure Update-PC-CompleteAsset.ps1 exists on target computers
- Check the script path specified in -ScriptPath parameter
- Verify the script has execute permissions
4. **"Execution policy" errors**
- Set execution policy: `Set-ExecutionPolicy RemoteSigned -Force`
- Or use: `powershell.exe -ExecutionPolicy Bypass -File script.ps1`
### Diagnostic Commands
```powershell
# Check WinRM configuration
winrm get winrm/config
# Test specific computer
Test-WSMan -ComputerName "10.48.130.100"
# Check trusted hosts
Get-Item WSMan:\localhost\Client\TrustedHosts
# Test PowerShell remoting
Enter-PSSession -ComputerName "10.48.130.100" -Credential (Get-Credential)
```
## Security Considerations
1. **Trusted Hosts**: Use specific IP addresses rather than "*" when possible
2. **Credentials**: Store credentials securely, avoid hardcoding passwords
3. **Network**: Ensure WinRM traffic is secured on your network
4. **Firewall**: Configure Windows Firewall rules appropriately
5. **Logging**: Monitor log files for security events
## Log Files
Logs are stored in `.\logs\remote-collection.log` and include:
- Connection attempts and results
- Script execution status for each computer
- Error messages and troubleshooting information
- Summary statistics
## Performance
- Default max concurrent sessions: 5
- Adjust `-MaxConcurrent` based on network capacity and server resources
- Monitor performance during large-scale collections
- Consider running during off-peak hours for production environments
## Integration
This remote collection system integrates with:
- Existing Update-PC-CompleteAsset.ps1 script
- Dashboard API for data storage
- Warranty proxy server for Dell warranty lookups
- Database normalization system for machine assignments
Reference in New Issue View Git Blame Copy Permalink