powershell-scripts/remote-execution/README.md

Remote Execution Scripts

Scripts for remotely executing asset collection on multiple shopfloor PCs via WinRM.

Quick Start

Run-RemoteCollection.bat

Or run PowerShell directly:

.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt"

---

Batch Launchers (Entry Points)

Batch File	Purpose
Run-RemoteCollection.bat	Main launcher for remote collection

---

PowerShell Scripts

Invoke-RemoteMaintenance.ps1

Remote maintenance toolkit - Execute maintenance tasks on shopfloor PCs via WinRM.

Available Tasks:

Category	Task	Description
Repair	DISM	Run DISM /Online /Cleanup-Image /RestoreHealth
	SFC	Run SFC /scannow (System File Checker)
Optimization	OptimizeDisk	TRIM for SSD, Defrag for HDD
	DiskCleanup	Windows Disk Cleanup (temp files, updates)
	ClearUpdateCache	Clear Windows Update cache (fixes stuck updates)
	ClearBrowserCache	Clear Chrome/Edge cache files
Services	RestartSpooler	Restart Print Spooler service
	FlushDNS	Clear DNS resolver cache
	RestartWinRM	Restart WinRM service
Time/Date	SetTimezone	Set timezone to Eastern Standard Time
	SyncTime	Force time sync with domain controller

Usage:

# Run DISM on a single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "G1ZTNCX3ESF" -Task DISM

# Optimize disks on multiple PCs
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01","PC02" -Task OptimizeDisk

# Run disk cleanup on all shopfloor PCs
.\Invoke-RemoteMaintenance.ps1 -All -Task DiskCleanup

# Clear Windows Update cache (fixes stuck updates)
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task ClearUpdateCache

Parameters:

Parameter	Default	Description
-ComputerName	-	Single or multiple computer names/IPs
-ComputerListFile	-	Path to text file with computer list
-All	-	Target all shopfloor PCs from ShopDB
-Task	(required)	Maintenance task to execute
-Credential	(prompts)	PSCredential for authentication
-ThrottleLimit	5	Maximum concurrent sessions

Notes:

• DISM and SFC tasks can take 10-30 minutes per PC
• OptimizeDisk automatically detects SSD vs HDD
• ClearUpdateCache stops Windows Update service, clears cache, restarts service

---

Invoke-RemoteAssetCollection.ps1

Remote collection via WinRM HTTP - Execute asset collection on multiple PCs using WinRM over HTTP (port 5985).

What it does:

1. Establishes WinRM connections to target PCs
2. Executes Update-PC-CompleteAsset.ps1 remotely
3. Collects and logs results from each PC
4. Supports parallel execution for efficiency

Usage:

# From file with prompted credentials
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt"

# Specific computers with stored credentials
$cred = Get-Credential
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001","PC002") -Credential $cred

# Test connections only
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001") -TestConnections

Parameters:

Parameter	Default	Description
-ComputerList	-	Array of computer names/IPs
-ComputerListFile	-	Path to text file with computer list
-Credential	-	PSCredential for authentication
-MaxConcurrent	5	Maximum parallel sessions
-TestConnections	$false	Test connectivity only
-ScriptPath	C:\Scripts\Update-PC-CompleteAsset.ps1	Path to script on remote PCs

Prerequisites:

• WinRM enabled on target PCs (Enable-PSRemoting -Force)
• Admin credentials for remote PCs
• Port 5985 (HTTP) open in firewall

---

Invoke-RemoteAssetCollection-HTTPS.ps1

Secure remote collection via WinRM HTTPS - Same as above but uses encrypted HTTPS connections (port 5986).

What it does:

• Uses HTTPS/TLS encryption for secure communication
• Supports wildcard certificates for domain-wide deployment
• Automatic FQDN construction from hostnames

Usage:

# With domain suffix
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @("PC001","PC002") -Domain "logon.ds.ge.com"

# From file
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameListFile ".\hostnames.txt" -Domain "logon.ds.ge.com"

# Test HTTPS connections
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @("PC001") -Domain "logon.ds.ge.com" -TestConnections

Parameters:

Parameter	Default	Description
-HostnameList	-	Array of hostnames (without domain)
-HostnameListFile	-	Path to text file with hostnames
-Domain	-	Domain suffix (e.g., "logon.ds.ge.com")
-Port	5986	HTTPS port
-SkipCertificateCheck	$false	Skip SSL validation

Prerequisites:

• WinRM HTTPS configured on targets (see winrm-https/ folder)
• Valid SSL certificates installed
• Port 5986 open in firewall

---

Update-ShopfloorPCs-Remote.ps1

Query and update all shopfloor PCs - Queries ShopDB for PC list and updates them remotely.

What it does:

1. Queries ShopDB API for list of all shopfloor PCs
2. Establishes WinRM connections to each PC
3. Collects system info remotely and POSTs to API
4. Logs success/failure for each PC

Usage:

# Update all shopfloor PCs from ShopDB database
.\Update-ShopfloorPCs-Remote.ps1 -All

# Update specific PCs
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "PC001","PC002"

# Setup WinRM trusted hosts first
.\Update-ShopfloorPCs-Remote.ps1 -SetupTrustedHosts

Parameters:

Parameter	Default	Description
-ComputerName	-	Specific PC(s) to update
-All	$false	Update all shopfloor PCs from ShopDB
-SetupTrustedHosts	$false	Configure WinRM trusted hosts
-Credential	-	PSCredential for authentication
-ApiUrl	Production URL	ShopDB API URL

---

Batch File Launchers

File	Purpose
Run-RemoteCollection.bat	Launcher for remote collection script

---

Requirements

• PowerShell 5.1 or later
• Administrator privileges (required)
• WinRM enabled on management server and target PCs
• Network access to target PCs (ports 5985 or 5986)
• Admin credentials for target PCs

Architecture

┌──────────────────────────────────────────────────────────────┐
│                    Management Server                          │
│  ┌────────────────────────────────────────────────────────┐  │
│  │ Update-ShopfloorPCs-Remote.ps1  - Data collection      │  │
│  │ Invoke-RemoteMaintenance.ps1    - Maintenance tasks    │  │
│  │ Invoke-RemoteAssetCollection.ps1 - General execution   │  │
│  └────────────────────────┬───────────────────────────────┘  │
└───────────────────────────┼──────────────────────────────────┘
                            │ WinRM (5985/5986)
                            ▼
┌──────────────────────────────────────────────────────────────┐
│                     Shopfloor PCs                             │
│  ┌────────────────────────────────────────────────────────┐  │
│  │ Data Collection:                                        │  │
│  │   - System info, network, DNC config, installed apps   │  │
│  │                                                         │  │
│  │ Maintenance Tasks:                                      │  │
│  │   - DISM, SFC, Disk Cleanup, Optimize Disk              │  │
│  │   - Restart Spooler, Flush DNS, Clear Caches            │  │
│  └────────────────────────────────────────────────────────┘  │
└──────────────────────────────────────────────────────────────┘
                            │
                            ▼ HTTPS POST
┌──────────────────────────────────────────────────────────────┐
│                      ShopDB API                               │
│  api.asp -> MySQL (machines, communications, dncconfig)       │
└──────────────────────────────────────────────────────────────┘

WinRM Setup

On Management Server:

Enable-PSRemoting -Force
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force

On Target PCs:

Enable-PSRemoting -Force
Set-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)" -Enabled True

For HTTPS setup, see the winrm-https/ folder documentation.