Structure: - asset-collection/: Local PC data collection scripts - remote-execution/: WinRM remote execution scripts - setup-utilities/: Configuration and testing utilities - registry-backup/: GE registry backup scripts - winrm-https/: WinRM HTTPS certificate setup - docs/: Complete documentation Each folder includes a README with detailed documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
#Requires -RunAsAdministrator

<#
.SYNOPSIS
    Configure WinRM client settings for remote connections

.DESCRIPTION
    Prepares the WinRM client on a management computer for connections to
    shopfloor PCs via WinRM HTTPS. The script runs six steps in order:
      1. start the WinRM service and set it to automatic startup
      2. run Enable-PSRemoting
      3. add *.logon.ds.ge.com to the WSMan client TrustedHosts list
      4. report the active network profile (and offer to make it Private)
      5. list enabled WinRM firewall rules
      6. print the resulting WinRM client configuration

    Run this ONCE on your management computer as Administrator.

.EXAMPLE
    .\Configure-WinRM-Client.ps1

.NOTES
    Author: System Administrator
    Date: 2025-10-17
    Run as: Administrator

    Machine-wide state touched by this script: WinRM service startup type,
    the PowerShell remoting endpoint configuration, the WSMan client
    TrustedHosts value and, on request, the network category.
#>

# Title banner
Write-Host ""
$bannerRows = @(
    "╔══════════════════════════════════════════════════════════════╗"
    "║ WinRM Client Configuration Script ║"
    "╚══════════════════════════════════════════════════════════════╝"
)
foreach ($bannerRow in $bannerRows) {
    Write-Host $bannerRow -ForegroundColor Cyan
}
Write-Host ""

# One-paragraph summary of what is about to happen
$introRows = @(
    "This script will configure WinRM client settings on this computer"
    "to allow remote connections to shopfloor PCs."
)
foreach ($introRow in $introRows) {
    Write-Host $introRow -ForegroundColor White
}
Write-Host ""
# Check for admin privileges
# Runtime elevation check: the current Windows identity must hold the built-in
# Administrator role. The script aborts with exit code 1 otherwise, before any
# machine-wide setting is touched.
$currentIdentity = [Security.Principal.WindowsIdentity]::GetCurrent()
$currentPrincipal = New-Object Security.Principal.WindowsPrincipal($currentIdentity)
$isAdmin = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if ($isAdmin) {
    Write-Host "✓ Running with Administrator privileges" -ForegroundColor Green
    Write-Host ""
} else {
    Write-Host "✗ ERROR: This script must be run as Administrator" -ForegroundColor Red
    Write-Host ""
    Write-Host "Right-click PowerShell and select 'Run as Administrator'" -ForegroundColor Yellow
    exit 1
}
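# Configuration
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host "STEP 1: Enable WinRM Client Service" -ForegroundColor Yellow
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host ""

# STEP 1 makes sure the WinRM service is running and starts automatically.
# Get-Service / Start-Service / Set-Service report most failures as
# non-terminating errors, which try/catch does not see. -ErrorAction Stop turns
# them into exceptions, so a "✓" line is only printed when the call succeeded
# and a failure reaches the catch block (which exits with code 1).
try {
    $winrmService = Get-Service -Name WinRM -ErrorAction Stop

    # Start WinRM service
    if ($winrmService.Status -ne 'Running') {
        Write-Host "Starting WinRM service..." -ForegroundColor Gray
        Start-Service -Name WinRM -ErrorAction Stop
        Write-Host "✓ WinRM service started" -ForegroundColor Green
    } else {
        Write-Host "✓ WinRM service is already running" -ForegroundColor Green
    }

    # Set to automatic startup
    if ($winrmService.StartType -ne 'Automatic') {
        Write-Host "Setting WinRM to automatic startup..." -ForegroundColor Gray
        Set-Service -Name WinRM -StartupType Automatic -ErrorAction Stop
        Write-Host "✓ WinRM set to automatic startup" -ForegroundColor Green
    } else {
        Write-Host "✓ WinRM already set to automatic startup" -ForegroundColor Green
    }
} catch {
    Write-Host "✗ Failed to configure WinRM service: $($_.Exception.Message)" -ForegroundColor Red
    exit 1
}

Write-Host ""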
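# Enable PowerShell Remoting
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host "STEP 2: Enable PowerShell Remoting" -ForegroundColor Yellow
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host ""

# NOTE(review): Enable-PSRemoting configures THIS computer to receive remote
# commands (listener, session endpoints, inbound firewall exceptions). Opening
# outbound sessions from a management workstation does not require it, so this
# step adds inbound exposure on a machine that holds admin credentials.
# -SkipNetworkProfileCheck also enables the inbound rule while the machine is on
# a Public network (limited to the local subnet). Confirm the inbound listener
# is actually wanted here.
#
# -ErrorAction Stop makes a failure reach the catch block; without it a
# non-terminating error would be followed by the "✓ ... enabled" line.
try {
    Write-Host "Enabling PowerShell Remoting..." -ForegroundColor Gray
    Enable-PSRemoting -Force -SkipNetworkProfileCheck -ErrorAction Stop | Out-Null
    Write-Host "✓ PowerShell Remoting enabled" -ForegroundColor Green
} catch {
    # Deliberately non-fatal: the script continues with the remaining steps.
    Write-Host "⚠ Warning: Could not enable PSRemoting: $($_.Exception.Message)" -ForegroundColor Yellow
    Write-Host " This may be normal if already configured" -ForegroundColor Gray
}

Write-Host ""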
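# Configure TrustedHosts
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host "STEP 3: Configure Trusted Hosts" -ForegroundColor Yellow
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host ""

# Wildcard entry: every host name under this DNS suffix becomes a trusted host.
# NOTE(review): TrustedHosts lists machines the client will talk to without
# mutual authentication (the NTLM/Basic fallback case). When the connection is
# HTTPS with a validated server certificate, or Kerberos inside the domain, the
# entry is presumably not required - confirm before widening the list.
$domain = "*.logon.ds.ge.com"

try {
    # Get current trusted hosts (-ErrorAction Stop so a provider error reaches catch)
    $currentTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value

    Write-Host "Current TrustedHosts: " -NoNewline -ForegroundColor Gray
    if ([string]::IsNullOrWhiteSpace($currentTrustedHosts)) {
        Write-Host "(empty)" -ForegroundColor Gray
    } else {
        Write-Host "$currentTrustedHosts" -ForegroundColor White
    }

    # Check if domain already in trusted hosts.
    # The value is a comma-separated list; compare whole entries. A wildcard
    # substring test (-like "*$domain*") would also report "already present" for
    # a different, longer entry that merely contains the same text.
    $trustedEntries = @()
    if (-not [string]::IsNullOrWhiteSpace($currentTrustedHosts)) {
        $trustedEntries = @(
            $currentTrustedHosts -split ',' |
                ForEach-Object { $_.Trim() } |
                Where-Object { $_ }
        )
    }

    if ($trustedEntries -contains $domain) {
        Write-Host "✓ $domain is already in TrustedHosts" -ForegroundColor Green
    } else {
        Write-Host ""
        Write-Host "Adding $domain to TrustedHosts..." -ForegroundColor Gray

        if ($trustedEntries.Count -eq 0) {
            # TrustedHosts is empty, set it
            $newTrustedHosts = $domain
        } else {
            # TrustedHosts has values, append to it (existing entries are kept)
            $newTrustedHosts = "$currentTrustedHosts,$domain"
        }
        Set-Item WSMan:\localhost\Client\TrustedHosts -Value $newTrustedHosts -Force -ErrorAction Stop

        Write-Host "✓ Added $domain to TrustedHosts" -ForegroundColor Green
    }

    # Show final value, re-read from the provider rather than echoed from the variable
    $finalTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value
    Write-Host ""
    Write-Host "Final TrustedHosts: $finalTrustedHosts" -ForegroundColor White
} catch {
    # Non-fatal: print the manual command and continue with the next step.
    Write-Host "✗ Failed to configure TrustedHosts: $($_.Exception.Message)" -ForegroundColor Red
    Write-Host ""
    Write-Host "You can manually set it with:" -ForegroundColor Yellow
    Write-Host " Set-Item WSMan:\localhost\Client\TrustedHosts -Value '$domain' -Force" -ForegroundColor White
}

Write-Host ""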
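# Configure network profile (if needed)
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host "STEP 4: Check Network Profile" -ForegroundColor Yellow
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host ""

try {
    # Not stored in $profile: that name is PowerShell's automatic $PROFILE variable.
    # @() keeps the result an array, because a machine with several connected
    # adapters returns several profiles.
    $activeProfiles = @(
        Get-NetConnectionProfile -ErrorAction Stop |
            Where-Object { $_.IPv4Connectivity -eq 'Internet' -or $_.IPv4Connectivity -eq 'LocalNetwork' }
    )

    # Handle each profile on its own so that only the profile that is actually
    # Public is offered for change (a multi-valued .Name would otherwise
    # re-categorise every matched network at once).
    foreach ($netProfile in $activeProfiles) {
        Write-Host "Active Network Profile:" -ForegroundColor White
        Write-Host " Name: $($netProfile.Name)" -ForegroundColor Gray
        Write-Host " Category: $($netProfile.NetworkCategory)" -ForegroundColor Gray

        if ($netProfile.NetworkCategory -eq 'Public') {
            Write-Host ""
            Write-Host "⚠ Network is set to Public profile" -ForegroundColor Yellow
            Write-Host ""
            Write-Host "For WinRM to work across subnets, you may need to:" -ForegroundColor Yellow
            Write-Host " 1. Change network to Private/DomainAuthenticated, OR" -ForegroundColor Gray
            Write-Host " 2. Configure firewall rules for WinRM on Public profile" -ForegroundColor Gray
            Write-Host ""

            # NOTE(review): the category selects which firewall profile applies
            # to this machine's inbound traffic; the Private profile is normally
            # the more permissive one. Outbound WinRM sessions from a client
            # presumably do not depend on it - confirm before relaxing it.
            $change = Read-Host "Would you like to change network to Private? (y/n)"
            if ($change -eq 'y') {   # -eq is case-insensitive, so 'Y' matches too
                Set-NetConnectionProfile -InterfaceIndex $netProfile.InterfaceIndex -NetworkCategory Private -ErrorAction Stop
                Write-Host "✓ Network profile changed to Private" -ForegroundColor Green
            }
        } else {
            Write-Host "✓ Network profile is $($netProfile.NetworkCategory) (OK)" -ForegroundColor Green
        }
    }
} catch {
    Write-Host "⚠ Could not check network profile: $($_.Exception.Message)" -ForegroundColor Yellow
}

Write-Host ""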
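# Configure firewall (optional)
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host "STEP 5: Check Firewall Rules" -ForegroundColor Yellow
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host ""

# Read-only step: lists enabled firewall rules that belong to WinRM.
# NOTE(review): the built-in rules are inbound rules for receiving sessions;
# outbound connections to a remote 5986 listener are presumably governed by the
# outbound policy instead - confirm what this check is meant to prove.
try {
    # Check for WinRM firewall rules.
    # Match on the internal rule Name as well as the DisplayName: the stock rules
    # are shown as "Windows Remote Management (...)" while their names start with
    # WINRM-, so a DisplayName-only filter can miss them. Enabled is an enum, so
    # it is compared against its 'True' member rather than a boolean.
    $winrmRules = @(
        Get-NetFirewallRule -ErrorAction Stop |
            Where-Object {
                ($_.DisplayName -like "*WinRM*" -or $_.Name -like "*WinRM*") -and
                $_.Enabled -eq 'True'
            }
    )

    if ($winrmRules.Count -gt 0) {
        Write-Host "✓ Found $($winrmRules.Count) active WinRM firewall rule(s)" -ForegroundColor Green
        foreach ($rule in $winrmRules) {
            Write-Host " - $($rule.DisplayName)" -ForegroundColor Gray
        }
    } else {
        Write-Host "⚠ No WinRM firewall rules found (may be created by Enable-PSRemoting)" -ForegroundColor Yellow
    }
} catch {
    Write-Host "⚠ Could not check firewall rules: $($_.Exception.Message)" -ForegroundColor Yellow
}

Write-Host ""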
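# Test configuration
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host "STEP 6: Verify Configuration" -ForegroundColor Yellow
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host ""

# Dumps the effective WinRM client settings for the operator to read.
# The listing includes AllowUnencrypted, the enabled Auth methods and
# TrustedHosts, which are the values worth confirming after the steps above.
Write-Host "WinRM Client Configuration:" -ForegroundColor White
try {
    $config = winrm get winrm/config/client

    # A native command does not throw on failure; check its exit code so the
    # catch block is reachable for more than "command not found".
    if ($LASTEXITCODE -ne 0) {
        throw "winrm exited with code $LASTEXITCODE"
    }

    # $config is one string per output line. Passing the whole array to
    # Write-Host joins the lines with spaces, so print them one at a time.
    foreach ($configLine in $config) {
        Write-Host $configLine -ForegroundColor Gray
    }
} catch {
    Write-Host "Could not retrieve WinRM client config" -ForegroundColor Yellow
}

Write-Host ""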
# Success summary
# NOTE(review): this banner is printed unconditionally. The catch blocks of
# steps 2-5 only print a warning and continue, so "CONFIGURATION COMPLETE" can
# appear after a step has failed; only a step 1 failure exits the script.
$summaryRows = @(
    "╔══════════════════════════════════════════════════════════════╗"
    "║ CONFIGURATION COMPLETE ║"
    "╚══════════════════════════════════════════════════════════════╝"
)
foreach ($summaryRow in $summaryRows) {
    Write-Host $summaryRow -ForegroundColor Green
}
Write-Host ""
Write-Host "Your WinRM client is now configured to connect to shopfloor PCs." -ForegroundColor Green
Write-Host ""
# Next steps
# Prints follow-up commands for the operator; nothing below is executed.
# Each entry is one output line; entries without a Color use the default colour.
$nextStepLines = @(
    @{ Text = "Next Steps:"; Color = 'Yellow' }
    @{ Text = "" }
    @{ Text = "1. Test connection to a shopfloor PC:"; Color = 'White' }
    @{ Text = "" }

    # Option A: -SkipCACheck and -SkipCNCheck turn off certificate chain and
    # host-name validation. The channel is still encrypted, but the server is
    # not authenticated, so credentials go to whichever host answers on 5986.
    # NOTE(review): Test-WSMan does not appear to accept -SessionOption
    # (New-PSSession / Invoke-Command / Enter-PSSession do) - confirm the
    # printed example runs as written.
    @{ Text = " Option A - Skip certificate validation (for self-signed certs):"; Color = 'Gray' }
    @{ Text = " `$sessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck"; Color = 'White' }
    @{ Text = " Test-WSMan -ComputerName g9kn7pz3esf.logon.ds.ge.com -UseSSL -Port 5986 -SessionOption `$sessionOption"; Color = 'White' }
    @{ Text = "" }

    # Option B: importing into Cert:\LocalMachine\Root makes the certificate a
    # machine-wide trust anchor; its thumbprint should be verified out of band
    # before the import.
    @{ Text = " Option B - Install certificate (recommended for production):"; Color = 'Gray' }
    @{ Text = " Import-Certificate -FilePath 'C:\path\to\cert.cer' -CertStoreLocation Cert:\LocalMachine\Root"; Color = 'White' }
    @{ Text = "" }

    @{ Text = "2. Use the test script:"; Color = 'White' }
    @{ Text = " .\Test-ShopfloorPC.ps1 -ComputerName g9kn7pz3esf -SkipCertificateCheck"; Color = 'White' }
    @{ Text = "" }

    # Item 3 reuses $sessionOption from Option A, i.e. the session it opens
    # also skips certificate validation unless the variable is left unset.
    @{ Text = "3. Create interactive session:"; Color = 'White' }
    @{ Text = " `$cred = Get-Credential"; Color = 'White' }
    @{ Text = " Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com -Credential `$cred -UseSSL -Port 5986 -SessionOption `$sessionOption"; Color = 'White' }
    @{ Text = "" }
)

foreach ($nextStepLine in $nextStepLines) {
    if ($nextStepLine.ContainsKey('Color')) {
        Write-Host $nextStepLine.Text -ForegroundColor $nextStepLine.Color
    } else {
        Write-Host $nextStepLine.Text
    }
}