powershell-scripts/docs/Update-ShopfloorPCs-Remote.md

Update-ShopfloorPCs-Remote.ps1

Remote data collection script that gathers PC information from shopfloor PCs via WinRM and updates the ShopDB database.

Table of Contents

• Overview
• API Integration
• Prerequisites
• Quick Start
• Parameters Reference
• How-To Guides
• Data Collected
• PC Type Detection
• Troubleshooting
• Advanced Usage
• Script Files

---

Overview

This script remotely connects to shopfloor PCs using Windows Remote Management (WinRM) to collect comprehensive system information including hardware details, network configuration, DNC settings, and installed applications. The collected data is then sent to the ShopDB API for asset tracking.

Location: S:\dt\shopfloor\scripts\remote-execution\Update-ShopfloorPCs-Remote.ps1

Use Cases:

• Bulk asset inventory updates
• Automated PC discovery and classification
• Scheduled data collection from all shopfloor PCs
• Targeted updates for specific machines or groups

---

API Integration

This script interacts with the ShopDB API (api.asp) for both retrieving PC lists and storing collected data.

Retrieving PC Lists

When using -All, the script queries the API to get the list of shopfloor PCs:

GET /api.asp?action=getShopfloorPCs

This returns all active PCs with 10.134.. IP addresses. Optional filters:

• pctypeid - Filter by PC type (1=Shopfloor, 2=CMM, etc.)
• businessunitid - Filter by business unit

Retrieving High Uptime PCs

When using -Reboot, the script queries:

GET /api.asp?action=getHighUptimePCs&minUptime=30

This returns PCs that haven't been rebooted in the specified number of days.

Storing Collected Data

After collecting data from each PC, the script POSTs to:

POST /api.asp?action=updateCompleteAsset

With parameters including hostname, serial number, network interfaces, DNC config, and installed applications.

See: ShopDB API Reference for complete API documentation.

---

Prerequisites

On Your Workstation (Where You Run the Script)

1. PowerShell 5.1 or higher

   $PSVersionTable.PSVersion
   

2. Network access to target PCs on port 5985 (HTTP) or 5986 (HTTPS)

3. Domain admin or local admin credentials for target PCs

On Target PCs

1. WinRM must be enabled

   # Check if WinRM is running
   Get-Service WinRM
   
   # Enable WinRM (run as admin on target PC)
   Enable-PSRemoting -Force
   

2. Firewall rules allowing WinRM traffic (TCP 5985/5986)

WinRM Trusted Hosts Setup

If your workstation is not domain-joined or targets are in a different domain:

# Option 1: Use the script's built-in setup
.\Update-ShopfloorPCs-Remote.ps1 -SetupTrustedHosts

# Option 2: Manual setup (run as admin)
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "192.168.*" -Force
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "10.134.*" -Concatenate -Force

---

Quick Start

Step 1: Open PowerShell as Administrator

# Navigate to script directory
cd C:\Path\To\powershell\remote-execution

Step 2: Get Credentials

# Store credentials for the session
$cred = Get-Credential -Message "Enter domain admin credentials"

Step 3: Run Your First Collection

# Test with a single PC
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "SHOPFLOOR-PC01" -Credential $cred

Step 4: Verify Results

Check the ShopDB database or web interface to confirm the PC data was updated.

---

Parameters Reference

Targeting Parameters

Parameter	Type	Description
-ComputerName	string[]	One or more computer names to target
-All	switch	Query ShopDB for all shopfloor PCs

Authentication Parameters

Parameter	Type	Default	Description
-Credential	PSCredential	Prompt	Admin credentials for remote access
-UseSSL	switch	False	Use HTTPS (port 5986) instead of HTTP

API Parameters

Parameter	Type	Default	Description
-ApiUrl	string	Production URL	ShopDB API endpoint

Network Parameters

Parameter	Type	Default	Description
-DnsSuffix	string	logon.ds.ge.com	DNS suffix for FQDN resolution
-SkipDnsLookup	switch	False	Use hostnames as-is without DNS
-ThrottleLimit	int	25	Max concurrent remote sessions

Reboot Parameters

Parameter	Type	Description
-Reboot	switch	Enable reboot mode
-MinUptimeDays	int	Minimum uptime threshold for reboot
-Force	switch	Skip confirmation prompts
-WhatIf	switch	Preview without executing

Setup Parameters

Parameter	Type	Description
-SetupTrustedHosts	switch	Configure WinRM trusted hosts

---

How-To Guides

How to Update a Single PC

Scenario: You need to update asset data for one specific PC.

# Basic usage
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "G1ZTNCX3ESF"

# With credentials (avoids prompt)
$cred = Get-Credential
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "G1ZTNCX3ESF" -Credential $cred

# Using IP address instead of hostname
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "10.134.50.101" -SkipDnsLookup

Expected Output:

Connecting to G1ZTNCX3ESF...
  [OK] Connected successfully
  Collecting system information...
  Hostname: G1ZTNCX3ESF
  Serial: ABC1234
  PC Type: Shopfloor
  Sending data to API...
  [OK] Data stored successfully (PCID: 1234)

---

How to Update Multiple PCs

Scenario: You have a list of PCs that need updating.

# Array of computer names
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "PC01","PC02","PC03","PC04"

# From a variable
$pcs = @("SHOPFLOOR-01", "SHOPFLOOR-02", "SHOPFLOOR-03")
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName $pcs -Credential $cred

# From a text file (one hostname per line)
$pcs = Get-Content "C:\Lists\shopfloor-pcs.txt"
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName $pcs -Credential $cred

Adjusting Concurrency:

# Slower network - reduce concurrent connections
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName $pcs -ThrottleLimit 5

# Fast network - increase concurrent connections
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName $pcs -ThrottleLimit 50

---

How to Update All Shopfloor PCs

Scenario: Scheduled full inventory update of all shopfloor PCs.

# Update all PCs from ShopDB database
.\Update-ShopfloorPCs-Remote.ps1 -All -Credential $cred

# With lower throttle for off-hours
.\Update-ShopfloorPCs-Remote.ps1 -All -Credential $cred -ThrottleLimit 10

Scheduling with Task Scheduler:

1. Create a batch file run-collection.bat:

   @echo off
   powershell.exe -ExecutionPolicy Bypass -File "C:\Scripts\Update-ShopfloorPCs-Remote.ps1" -All
   

2. Create scheduled task:

   • Trigger: Daily at 2:00 AM
   • Action: Run run-collection.bat
   • Run as: Service account with admin rights

---

How to Reboot PCs with High Uptime

Scenario: Reboot PCs that haven't been restarted in 30+ days.

# Step 1: Preview which PCs would be rebooted
.\Update-ShopfloorPCs-Remote.ps1 -Reboot -MinUptimeDays 30 -WhatIf

# Output shows:
# Would reboot: SHOPFLOOR-01 (Uptime: 45 days)
# Would reboot: SHOPFLOOR-02 (Uptime: 62 days)
# Would skip: SHOPFLOOR-03 (Uptime: 12 days)

# Step 2: Execute with confirmation
.\Update-ShopfloorPCs-Remote.ps1 -Reboot -MinUptimeDays 30 -Credential $cred
# Prompts: "Reboot 2 PCs? [Y/N]"

# Step 3: Or execute without confirmation
.\Update-ShopfloorPCs-Remote.ps1 -Reboot -MinUptimeDays 30 -Force -Credential $cred

Best Practices for Reboots:

• Always run -WhatIf first
• Schedule during maintenance windows
• Start with higher threshold (60 days) then reduce
• Monitor for production impact

---

How to Set Up WinRM Trusted Hosts

Scenario: Your workstation can't connect to shopfloor PCs.

# Use built-in setup (configures common shopfloor subnets)
.\Update-ShopfloorPCs-Remote.ps1 -SetupTrustedHosts

# Verify configuration
Get-Item WSMan:\localhost\Client\TrustedHosts

# Manual addition of specific subnet
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "10.134.*" -Force

---

How to Use Different API Endpoints

Scenario: Testing against development or staging environments.

# Development environment
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "TEST-PC" -ApiUrl "http://192.168.122.151:8080/api.asp"

# Staging environment
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "TEST-PC" -ApiUrl "https://staging-server/shopdb/api.asp"

---

How to Handle DNS Resolution Issues

Scenario: PC hostnames aren't resolving correctly.

# Skip DNS and use hostnames as-is
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "SHOPFLOOR-01" -SkipDnsLookup

# Use different DNS suffix
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "SHOPFLOOR-01" -DnsSuffix "shopfloor.local"

# Use IP addresses directly
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "10.134.50.101" -SkipDnsLookup

---

How to Use Secure Connections (SSL)

Scenario: Security requirements mandate encrypted WinRM connections.

# Enable SSL for WinRM (uses port 5986)
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "SECURE-PC" -UseSSL -Credential $cred

Prerequisites for SSL:

• Valid certificate on target PC
• WinRM HTTPS listener configured
• Port 5986 open in firewall

---

Data Collected

Basic System Information

Field	Example	Description
Hostname	G1ZTNCX3ESF	Computer name
Serial Number	ABC1234567	BIOS serial
Service Tag	ABC1234567	Dell service tag
Manufacturer	Dell Inc.	System manufacturer
Model	OptiPlex 7080	System model
OS Version	Microsoft Windows 10 Enterprise	Windows edition
Last Boot Time	2025-01-15 08:30:00	Last restart
Total Physical Memory	16.0	RAM in GB
Domain Role	1	0=Standalone, 1=Member Workstation
Current Time Zone	Eastern Standard Time	System timezone
Logged In User	DOMAIN\jsmith	Current user

DNC Configuration

Field	Example	Description
Site	WJF	GE site code
CNC	FANUC	CNC controller type
NcIF	FOCAS2	NC interface protocol
Machine No	M0612	GE machine number
FTP Primary	10.134.50.10	Primary FTP server
FTP Secondary	10.134.50.11	Backup FTP server

Network Interfaces

Field	Example	Description
Interface Name	Ethernet0	Adapter name
IP Address	10.134.50.101	IPv4 address
Subnet Mask	24	CIDR prefix
Default Gateway	10.134.50.1	Gateway
MAC Address	00-11-22-33-44-55	Physical address
Is Primary	1	10.134.. network
Is Machine Network	0	192.168.. or 100.0.0.* network (CMM)

Additional Data

Field	Example	Description
Serial Ports	COM1, COM2	Available COM ports
Has VNC	1	VNC Server installed
Default Printer	10.80.92.53	Network printer port
All Installed Apps	Microsoft Office...	Complete app list

---

PC Type Detection

The script automatically classifies PCs based on installed software:

Priority	Type	Detection Criteria
1	Dashboard	GE Aerospace Dashboard installed
2	Lobby Display	GE Aerospace Lobby Display installed
3	CMM	PC-DMIS, goCMM, or DODA software
4	Wax Trace	FormTracePak or FormStatusMonitor
5	Keyence	VR-3000, VR-5000, or VR-6000
6	EAS1000	GageCal or NI Software
7	Genspect	Genspect measuring software
8	Heat Treat	HeatTreat application
9	Inspection	Machine #: 0612, 0613, 0615, 8003
10	Shopfloor	Default for domain shop PCs

---

Troubleshooting

Error: "WinRM cannot process the request"

Cause: WinRM not enabled on target PC.

Solution:

# On target PC (as admin)
Enable-PSRemoting -Force
Set-Service WinRM -StartupType Automatic
Start-Service WinRM

---

Error: "Access is denied"

Cause: Insufficient credentials or UAC blocking remote admin.

Solutions:

# 1. Use explicit domain credentials
$cred = Get-Credential -UserName "DOMAIN\AdminUser" -Message "Enter password"

# 2. On target PC, enable remote UAC (as admin)
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "LocalAccountTokenFilterPolicy" -Value 1 -Type DWord

---

Error: "The WinRM client cannot process the request... not in TrustedHosts"

Cause: Target not in trusted hosts list.

Solution:

.\Update-ShopfloorPCs-Remote.ps1 -SetupTrustedHosts
# Or manually:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "10.134.*" -Force

---

Error: "The underlying connection was closed"

Cause: TLS/SSL configuration mismatch.

Solution: The script automatically sets TLS 1.2/1.3. If issues persist:

# Force TLS 1.2 before running
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

---

Error: "Cannot find computer" or DNS failures

Cause: Hostname not resolving.

Solutions:

# 1. Skip DNS resolution
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "PC01" -SkipDnsLookup

# 2. Use IP address
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "10.134.50.101" -SkipDnsLookup

# 3. Use different DNS suffix
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "PC01" -DnsSuffix "yourdomain.local"

---

Slow Performance with Many PCs

Cause: Network bandwidth or target PC load.

Solutions:

# Reduce concurrent connections
.\Update-ShopfloorPCs-Remote.ps1 -All -ThrottleLimit 5

# Run in batches
$allPCs = Get-Content "all-pcs.txt"
$batch1 = $allPCs[0..49]
$batch2 = $allPCs[50..99]

.\Update-ShopfloorPCs-Remote.ps1 -ComputerName $batch1 -Credential $cred
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName $batch2 -Credential $cred

---

Advanced Usage

Combining with Other Scripts

# Collect data first, then run maintenance
.\Update-ShopfloorPCs-Remote.ps1 -All -Credential $cred
.\Invoke-RemoteMaintenance.ps1 -All -Task SyncTime -Credential $cred

Exporting Results for Analysis

# Capture output to file
.\Update-ShopfloorPCs-Remote.ps1 -All -Credential $cred | Tee-Object -FilePath "collection-log.txt"

---

Script Files

Current Scripts (Active)

S:\dt\shopfloor\scripts\
├── remote-execution\
│   ├── Update-ShopfloorPCs-Remote.ps1   # Remote data collection (this script)
│   └── Invoke-RemoteMaintenance.ps1     # Remote maintenance tasks
│
└── complete-asset\
    ├── Update-PC-CompleteAsset.ps1      # Local data collection
    └── Get-ShopfloorConfig.ps1          # Helper functions (required by above)

Deprecated Scripts (Can Be Removed)

The following scripts in remote-execution\ are legacy and have been replaced:

Deprecated Script	Replaced By
Invoke-RemoteAssetCollection.ps1	Update-ShopfloorPCs-Remote.ps1
Invoke-RemoteAssetCollection-HTTPS.ps1	Update-ShopfloorPCs-Remote.ps1 -UseSSL
Install-KioskApp.ps1	Invoke-RemoteMaintenance.ps1 -Task InstallDashboard
Test-UserRegistryDetection.ps1	Functionality integrated into main scripts

These deprecated scripts can be archived or deleted.