ge-aerospace/powershell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
97e40e57f98f78abbf957d58b909b169ede09ece
powershell-scripts/docs/Invoke-RemoteMaintenance.md
cproudlock 86b32d8597 Add fixnetworkshare, winrm-setup-package, udc remote-execution suites 
- NetworkDriveManager.ps1: S: drive repair utility
- winrm-setup-package: Invoke-RemoteTask helper + Setup-WinRM.bat + HTML guide
- remote-execution/udc: UDC_Update.ps1 and batch wrappers for updating
  DNC controllers on shop-floor PCs
- Invoke-RemoteMaintenance.ps1: substantial rework (~1650 lines)
- Schedule-Maintenance and complete-asset minor updates
- Bump edncfix gitlink to v1.6.0 (2748bfa)
- .gitignore: block inventory.csv/xlsx (CUI) and logs_*.txt (per-host logs)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 12:04:40 -04:00

32 KiB
Raw Blame History

Invoke-RemoteMaintenance.ps1

Remote maintenance toolkit for executing maintenance tasks on shopfloor PCs via WinRM.

Table of Contents

Overview

This script provides a comprehensive remote maintenance toolkit for managing shopfloor PCs. It executes maintenance tasks via WinRM (Windows Remote Management) and can target PCs individually, by type, by business unit, or all at once.

Location: S:\dt\shopfloor\scripts\remote-execution\Invoke-RemoteMaintenance.ps1

Key Features:

  • 22 maintenance tasks available
  • General-purpose file deployment (CopyFile) and registry import (ImportReg) tasks
  • Registry imports run as logged-in user via scheduled task (HKCU support)
  • Optional post-copy commands via scheduled task (service/app restarts)
  • Multiple targeting options (by name, type, business unit, or all)
  • Concurrent execution with configurable throttling
  • Integration with ShopDB for PC discovery

First-Time Setup

Before running this script for the first time, you must allow PowerShell script execution and unblock the script file.

Step 1: Allow PowerShell Script Execution

Open PowerShell as Administrator and run:

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

When prompted, type Y and press Enter. This allows locally-created scripts to run and requires downloaded scripts to be signed or unblocked.

Note: You only need to do this once per user account. RemoteSigned is the recommended policy — it allows local scripts while still protecting against untrusted downloads.

Step 2: Unblock the Script File

Files downloaded from a network share or the internet are marked as "blocked" by Windows. You must unblock the script before it can run.

Option A — File Explorer (GUI):

  1. Navigate to S:\dt\shopfloor\scripts\remote-execution\
  2. Right-click Invoke-RemoteMaintenance.ps1 and select Properties
  3. At the bottom of the General tab, check the Unblock checkbox
  4. Click Apply, then OK

Option B — PowerShell:

Unblock-File -Path "S:\dt\shopfloor\scripts\remote-execution\Invoke-RemoteMaintenance.ps1"

Important: If you skip this step, you will get a security error when trying to run the script: "cannot be loaded because running scripts is disabled on this system" or "cannot be loaded. The file is not digitally signed."

API Integration

When using -All, -PcType, or -BusinessUnit targeting, the script retrieves PC lists from the ShopDB API:

GET /api.asp?action=getShopfloorPCs
GET /api.asp?action=getShopfloorPCs&pctypeid=2      # CMM PCs only
GET /api.asp?action=getShopfloorPCs&businessunitid=1 # Specific business unit

PC Type IDs:

ID Type ID Type
1 Standard 7 Keyence
2 Engineer 8 Genspect
3 Shopfloor 9 Heat Treat
4 Uncategorized 10 Inspection
5 CMM 11 Dashboard
6 Wax / Trace 12 Lobby Display

See: ShopDB API Reference for complete API documentation.

Prerequisites

On Your Workstation

  1. PowerShell 5.1 or higher
  2. Network access to target PCs (TCP port 5985)
  3. Admin credentials for target PCs

On Target PCs

  1. WinRM enabled (Enable-PSRemoting -Force)
  2. Firewall rules allowing WinRM traffic

Verify Connectivity

# Test WinRM connectivity
Test-WSMan -ComputerName "SHOPFLOOR-PC01"

# Test with credentials
$cred = Get-Credential
Test-WSMan -ComputerName "SHOPFLOOR-PC01" -Credential $cred

Quick Start

Step 1: Get Credentials

$cred = Get-Credential -Message "Enter domain admin credentials"

Step 2: Run a Simple Task

# Flush DNS on a single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "SHOPFLOOR-PC01" -Task FlushDNS -Credential $cred

Step 3: Check Results

The script outputs status for each PC:

[SHOPFLOOR-PC01] FlushDNS: SUCCESS
  DNS Resolver Cache flushed successfully

Parameters Reference

Targeting Parameters (Mutually Exclusive)

Parameter Type Description
-ComputerName string[] One or more computer names or IPs
-ComputerListFile string Path to text file with hostnames
-All switch Target all shopfloor PCs from ShopDB
-PcType string Target by PC type (see PC Types)
-BusinessUnit string Target by business unit (see Business Units)

Task Parameter (Required)

Parameter Type Description
-Task string Maintenance task to execute

File Deployment Parameters (CopyFile / ImportReg)

Parameter Type Description
-SourcePath string Source file path (local or UNC). Required for CopyFile and ImportReg
-DestinationPath string Destination file path on remote PCs. Required for CopyFile
-RunCommand string Command to run after CopyFile. Runs as logged-in user by default (via scheduled task)
-AsSystem switch Run ImportReg and -RunCommand in the WinRM session (SYSTEM context) instead of as logged-in user

Optional Parameters

Parameter Type Default Description
-Credential PSCredential Prompt Remote authentication
-ApiUrl string Production ShopDB API endpoint
-ThrottleLimit int 5 Max concurrent sessions
-DnsSuffix string logon.ds.ge.com DNS suffix for FQDN resolution
-LogFile switch Off Enable transcript logging to logs/ directory

PC Types

Standard, Engineer, Shopfloor, CMM, Wax / Trace, Keyence,
Genspect, Heat Treat, Inspection, Dashboard, Lobby Display, Uncategorized

Business Units

TBD, Blisk, HPT, Spools, Inspection, Venture, Turn/Burn, DT

Available Tasks

Repair Tasks

Task Description Duration Impact
DISM Repair Windows component store 15-60 min Low
SFC System File Checker scan 10-30 min Low

Optimization Tasks

Task Description Duration Impact
OptimizeDisk TRIM (SSD) or Defrag (HDD) 5-60 min Medium
DiskCleanup Remove temp files, updates 5-15 min Low
ClearUpdateCache Clear Windows Update cache 1-2 min Low
ClearBrowserCache Clear Chrome/Edge cache 1-2 min Low

Service Tasks

Task Description Duration Impact
RestartSpooler Restart Print Spooler <1 min Low
FlushDNS Clear DNS cache <1 min None
RestartWinRM Restart WinRM service <1 min Temp disconnect

Time/Date Tasks

Task Description Duration Impact
SetTimezone Set to Eastern Time <1 min None
SyncTime Force time sync with DC <1 min None

DNC Tasks

Task Description Duration Impact
UpdateDNCMXHosts Update FtpHostPrimary/Secondary in DNC\MX registry <1 min None
AuditDNCConfig Compare DNC registry vs UDC backup JSON, export CSV 1-5 min None
CheckDefectTracker Check if Defect_Tracker.exe is running, export CSV 1-5 min None

File Deployment Tasks

Task Description Duration Impact
CopyFile Copy file from -SourcePath to -DestinationPath on remote PCs 1-2 min Low
ImportReg Copy .reg file and import via scheduled task as logged-in user 1-2 min Low

System Tasks

Task Description Duration Impact
GPUpdate Force Group Policy refresh (gpupdate /force) <1 min Low
Reboot Restart PC (30s delay) 2-5 min High

Software Deployment Tasks

Task Description Duration Impact
InstallDashboard Install GE Dashboard app 2-5 min Medium
InstallLobbyDisplay Install Lobby Display app 2-5 min Medium
UninstallDashboard Remove GE Dashboard 1-2 min Low
UninstallLobbyDisplay Remove Lobby Display 1-2 min Low

Software Deployment Mechanism

Source File Locations

Deployment tasks require source files to be available before execution:

Task Source File Path
InstallDashboard \\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\Dashboard\GEAerospaceDashboardSetup.exe
InstallLobbyDisplay \\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\LobbyDisplay\GEAerospaceLobbyDisplaySetup.exe
CopyFile Any file - specified via -SourcePath parameter
ImportReg Any .reg file - specified via -SourcePath parameter

How Deployment Works

  1. Pre-flight Check: Script verifies source file exists
  2. WinRM Session: Opens remote session to target PC
  3. File Push: Copies source file to C:\Windows\Temp\ on remote PC
  4. Execution: Runs install/copy/import task using pushed file
  5. Post-action: Optionally runs command as logged-in user via scheduled task
  6. Cleanup: Removes temp file from remote PC
+---------------------+     WinRM      +---------------------+
|  Your Workstation   | ------------>  |   Target PC         |
|                     |                |                     |
|  Source Files:      |   Push File    |  Temp Location:     |
|  - Setup.exe        | ------------>  |  C:\Windows\Temp    |
|  - config.json      |                |                     |
|  - settings.reg     |   Execute      |  Final Location:    |
|    (any path/UNC)   | ------------>  |  -DestinationPath   |
|                     |                |                     |
|                     |  Sched. Task   |  Logged-in User:    |
|                     | ------------>  |  - regedit /s       |
|                     |                |  - RunCommand        |
+---------------------+                +---------------------+

CopyFile Details

The CopyFile task:

  1. Source: Any file specified via -SourcePath (local or UNC path)
  2. Destination: Specified via -DestinationPath
  3. Backup: Existing file is backed up as <name>-old-<timestamp>.<ext>
  4. Post-action: If -RunCommand is specified, runs as the logged-in user via a one-shot scheduled task (same pattern as Dashboard/Lobby kiosk relaunch)

ImportReg Details

The ImportReg task:

  1. Source: .reg file specified via -SourcePath
  2. Import method: regedit.exe /s via one-shot scheduled task as logged-in user
  3. HKCU support: Runs as the logged-in user, so both HKLM and HKCU keys apply correctly
  4. Fallback: If no user is logged in, runs regedit.exe /s directly (HKLM only)
  5. Cleanup: Temp .reg file removed after import

Dashboard/Lobby Display Install Details

Both kiosk app installers:

  1. Installer type: Inno Setup (supports /VERYSILENT)
  2. Pre-install: Kills running Edge kiosk via PrepareToInstall in Inno Setup
  3. Execution: Silent install with no user prompts (120-second timeout)
  4. Post-install: Creates a one-shot scheduled task to relaunch Edge in kiosk mode as the logged-in user (e.g. lg044513sd), then auto-deletes the task
  5. Cleanup: Installer removed from temp after execution
  6. Connectivity: Offline PCs are skipped with a ping check before connecting

Uninstall GUIDs:

  • Dashboard: {9D9EEE25-4D24-422D-98AF-2ADEDA4745ED}
  • Lobby Display: {42FFB952-0B72-493F-8869-D957344CA305}

Adding New Deployable Applications

To add a new application for deployment, edit the script in two places:

Step 1: Add to $KioskAppConfig hashtable

$KioskAppConfig = @{
    # Existing entries...

    # Add new application
    'InstallNewApp' = @{
        Action = 'Install'
        InstallerPath = '\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\NewApp\NewAppSetup.exe'
        InstallerName = 'NewAppSetup.exe'
        AppName = 'New Application Name'
        UninstallGuid = '{YOUR-GUID-HERE}'  # Find in registry after manual install
        KioskUrl = 'https://tsgwp00525.wjs.geaerospace.net/shopdb/your-page/'  # Optional: relaunch Edge kiosk after install
    }
    'UninstallNewApp' = @{
        Action = 'Uninstall'
        InstallerName = 'NewAppSetup.exe'
        AppName = 'New Application Name'
        UninstallGuid = '{YOUR-GUID-HERE}'
    }
}

Step 2: Add task names to ValidateSet (~line 142)

[ValidateSet(
    'DISM', 'SFC', 'OptimizeDisk', 'DiskCleanup', 'ClearUpdateCache',
    'RestartSpooler', 'FlushDNS', 'RestartWinRM', 'ClearBrowserCache',
    'SetTimezone', 'SyncTime', 'UpdateEMxAuthToken', 'DeployUDCWebServerConfig', 'Reboot',
    'InstallDashboard', 'InstallLobbyDisplay', 'UninstallDashboard', 'UninstallLobbyDisplay',
    'InstallNewApp', 'UninstallNewApp'  # Add new tasks here
)]
[string]$Task

Step 3: Place installer on network share

\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\NewApp\NewAppSetup.exe

Finding the Uninstall GUID:

After manually installing the application on a test PC, find the GUID in registry:

# Search for app in registry
Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" |
    Get-ItemProperty | Where-Object { $_.DisplayName -like "*AppName*" } |
    Select-Object DisplayName, PSChildName, UninstallString

The PSChildName is typically the GUID (e.g., {9D9EEE25-4D24-422D-98AF-2ADEDA4745ED}).

Installer Requirements:

  • Must support silent installation flags
  • Inno Setup: /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
  • MSI: /qn /norestart
  • NSIS: /S

If your installer uses different flags, modify the InstallKioskApp scriptblock.

How-To Guides

How to Repair System Files

Scenario: A PC has corrupted system files causing crashes or errors.

Option 1: DISM (Component Store Repair)

# Run DISM repair on a single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task DISM -Credential $cred

What it does:

  • Downloads missing/corrupted files from Windows Update
  • Repairs the Windows component store
  • Required before SFC if component store is damaged

Expected output:

[PROBLEM-PC] DISM: SUCCESS
  Deployment Image Servicing and Management tool
  The restore operation completed successfully.

Option 2: SFC (System File Checker)

# Run SFC after DISM
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task SFC -Credential $cred

What it does:

  • Scans all protected system files
  • Replaces corrupted files from component store
  • Creates log at C:\Windows\Logs\CBS\CBS.log

Best Practice - Full Repair Sequence:

# Step 1: Run DISM first
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task DISM -Credential $cred

# Step 2: Run SFC after DISM completes
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task SFC -Credential $cred

# Step 3: Reboot to apply changes
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task Reboot -Credential $cred

How to Optimize Disks

Scenario: PCs are running slow due to disk fragmentation or lack of TRIM.

Single PC Optimization

.\Invoke-RemoteMaintenance.ps1 -ComputerName "SLOW-PC" -Task OptimizeDisk -Credential $cred

What it does:

  • Detects drive type (SSD vs HDD)
  • For SSDs: Runs TRIM to reclaim deleted blocks
  • For HDDs: Runs defragmentation

Optimize All CMM PCs (After Hours)

# CMM PCs often have large files - optimize overnight
.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task OptimizeDisk -Credential $cred -ThrottleLimit 3

Full Cleanup Sequence

# Step 1: Clear update cache
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task ClearUpdateCache -Credential $cred

# Step 2: Run disk cleanup
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task DiskCleanup -Credential $cred

# Step 3: Optimize disk
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task OptimizeDisk -Credential $cred

How to Fix Stuck Windows Updates

Scenario: Windows Update is stuck or failing repeatedly.

# Clear the Windows Update cache
.\Invoke-RemoteMaintenance.ps1 -ComputerName "UPDATE-STUCK-PC" -Task ClearUpdateCache -Credential $cred

What it does:

  1. Stops Windows Update service
  2. Stops BITS service
  3. Clears C:\Windows\SoftwareDistribution\Download
  4. Restarts services

After clearing, trigger new update check:

# On the target PC (optional follow-up)
wuauclt /detectnow

How to Clear Browser Cache

Scenario: CMM or inspection PCs have slow browser performance.

# Single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "CMM-PC01" -Task ClearBrowserCache -Credential $cred

# All CMM PCs
.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task ClearBrowserCache -Credential $cred

What it does:

  • Clears Chrome cache directories
  • Clears Edge cache directories
  • Does NOT clear saved passwords or bookmarks

How to Manage Services

Fix Printing Issues

# Restart print spooler on a PC with stuck print jobs
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PRINT-PROBLEM-PC" -Task RestartSpooler -Credential $cred

What it does:

  1. Stops Print Spooler service
  2. Clears print queue
  3. Restarts Print Spooler service

Fix DNS Resolution Issues

# Flush DNS cache when a PC can't resolve hostnames
.\Invoke-RemoteMaintenance.ps1 -ComputerName "DNS-ISSUE-PC" -Task FlushDNS -Credential $cred

# Flush DNS on all PCs in a business unit
.\Invoke-RemoteMaintenance.ps1 -BusinessUnit Blisk -Task FlushDNS -Credential $cred

Fix Remote Management Issues

# Restart WinRM if subsequent remote commands fail
.\Invoke-RemoteMaintenance.ps1 -ComputerName "WINRM-ISSUE-PC" -Task RestartWinRM -Credential $cred

Note: Connection will briefly drop during restart.

How to Fix Time Sync Issues

Scenario: PC clock is wrong, causing certificate errors or login issues.

Set Correct Timezone

# Single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "WRONG-TIME-PC" -Task SetTimezone -Credential $cred

# All shopfloor PCs
.\Invoke-RemoteMaintenance.ps1 -All -Task SetTimezone -Credential $cred

Sets timezone to: Eastern Standard Time

Force Time Synchronization

# Sync time with domain controller
.\Invoke-RemoteMaintenance.ps1 -ComputerName "WRONG-TIME-PC" -Task SyncTime -Credential $cred

Full time fix sequence:

# Step 1: Set correct timezone
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task SetTimezone -Credential $cred

# Step 2: Sync time
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task SyncTime -Credential $cred

How to Update DNC Configurations

Update DNC MX Hosts

Scenario: FtpHostPrimary/FtpHostSecondary in DNC\MX registry needs updating (hostname migration).

# Single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "DNC-PC01" -Task UpdateDNCMXHosts -Credential $cred

# All shopfloor PCs
.\Invoke-RemoteMaintenance.ps1 -All -Task UpdateDNCMXHosts -Credential $cred

What it does:

  1. Checks both 32-bit (WOW6432Node) and 64-bit registry paths
  2. Only updates values matching the old hostname - skips unexpected values
  3. Safe to run on all PCs: no-ops if DNC\MX key doesn't exist

Audit DNC Config vs UDC Backup

Scenario: Verify DNC registry settings match UDC backup JSON files.

.\Invoke-RemoteMaintenance.ps1 -All -Task AuditDNCConfig -Credential $cred -LogFile

What it does:

  1. Reads DNC registry values (General, eFocas, Hssb, PPDCS keys)
  2. Compares against UDC backup JSON files on the network share
  3. Reports MATCH/MISMATCH/MISSING for each field
  4. Exports CSV report to logs/

Check Defect Tracker Status

.\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task CheckDefectTracker -Credential $cred

What it does:

  1. Checks if Defect_Tracker.exe is running on each PC
  2. Reports machine number + running status
  3. Exports CSV report to logs/

How to Deploy Files

Scenario: Push any file to remote PCs with automatic backup of existing files.

Basic File Copy

# Copy a config file to a specific destination
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01","PC02" -Task CopyFile `
    -SourcePath "\\server\share\config.json" `
    -DestinationPath "C:\ProgramData\App\config.json" `
    -Credential $cred

What it does:

  1. Copies source file to C:\Windows\Temp\ on remote PC via WinRM
  2. Creates backup of existing file (if any) with timestamp
  3. Moves temp file to final destination
  4. Verifies deployment

File Copy with Post-Copy Command

Scenario: Deploy a file and restart a service/app in the logged-in user's session.

# Deploy eMxInfo.txt and kill DNC so it picks up the new file
.\Invoke-RemoteMaintenance.ps1 -All -Task CopyFile `
    -SourcePath "\\server\share\eMxInfo.txt" `
    -DestinationPath "C:\Program Files (x86)\DNC\Server Files\eMxInfo.txt" `
    -RunCommand "taskkill /IM DNCMain.exe /F" `
    -Credential $cred

# Deploy UDC config (no restart needed)
.\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task CopyFile `
    -SourcePath "\\server\share\udc_webserver_settings.json" `
    -DestinationPath "C:\ProgramData\UDC\udc_webserver_settings.json" `
    -Credential $cred

The -RunCommand runs via a one-shot scheduled task as the logged-in user, so it works for user-session processes (same pattern as Dashboard/Lobby Display kiosk relaunch).

How to Import Registry Files

Scenario: Apply registry settings from a .reg file to remote PCs.

# Import a .reg file on all shopfloor PCs
.\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task ImportReg `
    -SourcePath "\\server\share\intranet-zone.reg" `
    -Credential $cred

# Import on specific PCs
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task ImportReg `
    -SourcePath "C:\Scripts\my-settings.reg" `
    -Credential $cred

What it does (default — as logged-in user):

  1. Copies .reg file to C:\Windows\Temp\ on remote PC via WinRM
  2. Creates a one-shot scheduled task as the logged-in user
  3. Runs regedit.exe /s to silently import the registry file
  4. Cleans up temp file and scheduled task

HKCU support: Because the import runs as the logged-in user (via scheduled task), both HKLM and HKCU keys in the .reg file are applied correctly. If no user is logged in, it falls back to direct import (HKLM only).

HKLM-Only / System Context

Use -AsSystem when the .reg file only contains HKLM keys and you want to skip the scheduled task overhead:

# Import HKLM-only registry settings directly as SYSTEM
.\Invoke-RemoteMaintenance.ps1 -All -Task ImportReg `
    -SourcePath "\\server\share\machine-policy.reg" `
    -AsSystem -Credential $cred

This runs regedit.exe /s directly in the WinRM session (SYSTEM context). Faster, but HKCU keys will not apply to any user.

How to Deploy Software

Install GE Aerospace Dashboard

Scenario: Convert a PC to a Dashboard kiosk.

# Single PC installation
.\Invoke-RemoteMaintenance.ps1 -ComputerName "NEWKIOSK-01" -Task InstallDashboard -Credential $cred

# Multiple PCs from a list
$kiosks = @("KIOSK-01", "KIOSK-02", "KIOSK-03")
.\Invoke-RemoteMaintenance.ps1 -ComputerName $kiosks -Task InstallDashboard -Credential $cred

What it does:

  1. Pings target PC (skips if offline)
  2. Copies installer from network share to C:\Windows\Temp\
  3. Kills running Edge kiosk
  4. Runs silent installation (120-second timeout)
  5. Relaunches Edge kiosk via scheduled task as the logged-in user
  6. Cleans up installer and scheduled task

No reboot required — Edge relaunches automatically in the logged-in user's session.

# Deploy to all Dashboard kiosks
.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task InstallDashboard -Credential $cred

# Deploy to all Lobby Display kiosks
.\Invoke-RemoteMaintenance.ps1 -PcType "Lobby Display" -Task InstallLobbyDisplay -Credential $cred

Install Lobby Display

.\Invoke-RemoteMaintenance.ps1 -ComputerName "LOBBY-01" -Task InstallLobbyDisplay -Credential $cred

Uninstall Dashboard or Lobby Display

# Remove Dashboard
.\Invoke-RemoteMaintenance.ps1 -ComputerName "OLD-KIOSK" -Task UninstallDashboard -Credential $cred

# Remove Lobby Display
.\Invoke-RemoteMaintenance.ps1 -ComputerName "OLD-LOBBY" -Task UninstallLobbyDisplay -Credential $cred

How to Reboot PCs

Single PC Reboot

.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC-TO-REBOOT" -Task Reboot -Credential $cred

Note: Reboot has a 30-second delay to allow graceful shutdown.

Reboot All Dashboard PCs

# Reboot all Dashboard PCs (e.g., for software update)
.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task Reboot -Credential $cred

Reboot All Lobby Display PCs

.\Invoke-RemoteMaintenance.ps1 -PcType "Lobby Display" -Task Reboot -Credential $cred

Reboot PCs by Business Unit

# Reboot all HPT PCs during maintenance window
.\Invoke-RemoteMaintenance.ps1 -BusinessUnit HPT -Task Reboot -Credential $cred

How to Run Batch Operations

Using a Computer List File

Create a text file with one hostname per line:

# shopfloor-pcs.txt
PC001
PC002
PC003
PC004
PC005

Run tasks against the list:

.\Invoke-RemoteMaintenance.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -Task FlushDNS -Credential $cred

Running Multiple Tasks in Sequence

# Maintenance routine for a PC
$pc = "SHOPFLOOR-PC01"

# Step 1: Clear caches
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task ClearUpdateCache -Credential $cred
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task ClearBrowserCache -Credential $cred

# Step 2: Disk cleanup
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task DiskCleanup -Credential $cred

# Step 3: Repair
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task DISM -Credential $cred
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task SFC -Credential $cred

# Step 4: Sync time
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task SetTimezone -Credential $cred
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task SyncTime -Credential $cred

# Step 5: Reboot
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task Reboot -Credential $cred

Targeting Strategies

By Individual PCs

Best for: Specific troubleshooting, targeted fixes

.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task DISM -Credential $cred

By PC Type

Best for: Type-specific maintenance, software updates

# All CMM PCs
.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task DiskCleanup -Credential $cred

# All Dashboard kiosks
.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task Reboot -Credential $cred

By Business Unit

Best for: Department-specific maintenance windows

# All Blisk area PCs
.\Invoke-RemoteMaintenance.ps1 -BusinessUnit Blisk -Task SyncTime -Credential $cred

All Shopfloor PCs

Best for: Global maintenance, security updates

# Flush DNS everywhere
.\Invoke-RemoteMaintenance.ps1 -All -Task FlushDNS -Credential $cred -ThrottleLimit 10

Using a List File

Best for: Custom groups, staged rollouts

.\Invoke-RemoteMaintenance.ps1 -ComputerListFile ".\phase1-pcs.txt" -Task DISM -Credential $cred

Troubleshooting

Task Times Out

Cause: Task takes longer than session timeout.

Solution: DISM and SFC can take a long time. Check if task completed on target:

# Check DISM log
Invoke-Command -ComputerName "PC01" -Credential $cred -ScriptBlock {
    Get-Content "C:\Windows\Logs\DISM\dism.log" -Tail 50
}

"Access Denied" on Some PCs

Cause: Credentials don't have admin rights on that PC.

Solutions:

  1. Use different credentials
  2. Add account to local Administrators group on target
  3. Check if UAC is blocking remote admin

Software Installation Fails

Cause: Network share not accessible or installer missing.

Solutions:

  1. Verify network share path is accessible
  2. Check installer exists at expected location
  3. Verify credentials can access the share

Reboot Doesn't Happen

Cause: User cancelled shutdown or application blocked it.

Solutions:

# Force immediate reboot (no 30-second delay)
Invoke-Command -ComputerName "PC01" -Credential $cred -ScriptBlock {
    Restart-Computer -Force
}

Best Practices

1. Start Small

Test on one PC before running against groups:

# Test on single PC first
.\Invoke-RemoteMaintenance.ps1 -ComputerName "TEST-PC" -Task DISM -Credential $cred

2. Use Appropriate Throttle Limits

Scenario Recommended ThrottleLimit
Fast network, light tasks 10-25
Normal operations 5 (default)
Heavy tasks (DISM, Defrag) 2-3
Slow network 2-3

3. Schedule Disruptive Tasks

Run reboots and heavy tasks during maintenance windows:

  • DISM/SFC: After hours
  • Disk optimization: After hours
  • Reboots: During shift changes or maintenance windows

4. Verify Before Rebooting

Always confirm which PCs will be affected:

# Check PC type before reboot
.\Update-ShopfloorPCs-Remote.ps1 -PcType Dashboard -WhatIf

5. Keep Logs

Redirect output for audit trail:

.\Invoke-RemoteMaintenance.ps1 -All -Task SyncTime -Credential $cred | Tee-Object -FilePath "maintenance-log-$(Get-Date -Format 'yyyyMMdd').txt"
Reference in New Issue View Git Blame Copy Permalink