ge-aerospace/powershell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7d3519f613c6ba5a1a7f8920f0108345b3bd021f
powershell-scripts/winrm-https/deployment-package/README-DEPLOYMENT.txt
cproudlock 62c0c7bb06 Initial commit: Organized PowerShell scripts for ShopDB asset collection 
Structure:
- asset-collection/: Local PC data collection scripts
- remote-execution/: WinRM remote execution scripts
- setup-utilities/: Configuration and testing utilities
- registry-backup/: GE registry backup scripts
- winrm-https/: WinRM HTTPS certificate setup
- docs/: Complete documentation

Each folder includes a README with detailed documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-10 10:57:54 -05:00

141 lines
4.5 KiB
Plaintext
Raw Blame History

================================================================================
WinRM HTTPS Deployment Package
================================================================================
This folder contains everything needed to deploy WinRM HTTPS to shopfloor PCs.
================================================================================
REQUIRED FILES
================================================================================
Before deploying, you MUST add the certificate file to this folder:
[ ] wildcard-logon-ds-ge-com-20251017.pfx
Copy this file from the parent folder after you generate it.
================================================================================
QUICK START - NETWORK SHARE DEPLOYMENT
================================================================================
STEP 1: Setup Network Share
---------------------------
1. Copy this entire folder to a network share:
Example: \\SERVER\Shares\WinRM-HTTPS
2. Ensure the certificate PFX file is included in the share
3. Set permissions: Read access for "Domain Computers" or "Everyone"
STEP 2: Deploy to PCs
---------------------------
On each shopfloor PC:
1. Open Windows Explorer
2. Navigate to: \\SERVER\Shares\WinRM-HTTPS
3. Right-click "Deploy-WinRM-HTTPS.bat"
4. Select "Run as Administrator"
5. Enter certificate password when prompted
6. Wait for "SUCCESS" message
STEP 3: Verify Deployment
---------------------------
From management server, test connection:
Test-WSMan -ComputerName "HOSTNAME.logon.ds.ge.com" -UseSSL -Port 5986
================================================================================
FILES IN THIS PACKAGE
================================================================================
Deploy-WinRM-HTTPS.bat - Main deployment batch file
Test-WinRM-HTTPS.bat - Test/verify batch file
Setup-WinRM-HTTPS.ps1 - PowerShell setup script
Test-WinRM-HTTPS-Setup.ps1 - PowerShell test script
NETWORK_SHARE_DEPLOYMENT.md - Detailed deployment guide
README-DEPLOYMENT.txt - This file
REQUIRED (Add manually):
wildcard-logon-ds-ge-com-20251017.pfx - Certificate file (MUST BE ADDED!)
================================================================================
CERTIFICATE PASSWORD
================================================================================
Certificate Password: [Store securely - contact IT if needed]
Password: XqHuyaLZSyCYEcpsMz6h5
IMPORTANT: Keep this password secure! Anyone with the PFX file and password
can decrypt WinRM HTTPS traffic.
For production deployment, use password manager or encrypted credential file.
See NETWORK_SHARE_DEPLOYMENT.md for secure password handling.
================================================================================
DEPLOYMENT WORKFLOW
================================================================================
Recommended approach:
Phase 1: Test (1-3 PCs)
- Deploy to test PCs manually
- Verify WinRM HTTPS works
- Test remote connection from management server
Phase 2: Pilot (10-20 PCs)
- Deploy to small production batch
- Monitor for issues
- Refine process if needed
Phase 3: Full Deployment (All 175 PCs)
- Deploy in batches of 20-30
- Track completed PCs
- Remediate failures
Phase 4: Verification
- Test all PCs with Invoke-RemoteAssetCollection-HTTPS.ps1
- Document results
- Clean up network share
================================================================================
SUPPORT
================================================================================
For detailed instructions, see: NETWORK_SHARE_DEPLOYMENT.md
For troubleshooting, see parent folder:
- TROUBLESHOOTING_CERTIFICATE_GENERATION.md
- GETTING_STARTED.md
- SECURE_CREDENTIAL_MANAGEMENT.md
Contact: IT Support
================================================================================
SECURITY NOTES
================================================================================
1. Certificate Protection
- The PFX file contains private key
- Protect with proper share permissions
- Remove from share after deployment
2. Password Security
- Do not hardcode password in batch files
- Use encrypted files for automation
- Store in password manager
3. Share Permissions
- Read access: Domain Computers group
- Full access: IT Admins only
- Monitor access logs
4. Cleanup
- Remove certificate from share after deployment
- Keep backup in secure location
- Document deployed systems
================================================================================
Reference in New Issue View Git Blame Copy Permalink