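#Requires -RunAsAdministrator
<#
.SYNOPSIS
    Sets up WinRM configuration for remote asset collection.

.DESCRIPTION
    This script configures WinRM settings to enable remote PowerShell execution
    for asset collection across shopfloor computers.

    It changes the security posture of the machine it runs on:
      * enables PowerShell Remoting and starts the WinRM service (automatic start),
      * optionally replaces the WinRM client TrustedHosts list,
      * enables the "Windows Remote Management (HTTP-In)" firewall rule,
      * enables Basic and CredSSP authentication on the WinRM service.

.PARAMETER TrustedHosts
    Comma-separated list of trusted hosts (IP addresses or computer names).
    The value REPLACES the existing TrustedHosts list.
    Use "*" to trust all hosts (less secure but simpler). Hosts matched by
    TrustedHosts are connected to without verifying the server's identity, so
    prefer an explicit list over "*".

.PARAMETER TestConnection
    Test WinRM connection to specified computers after setup.

.EXAMPLE
    .\Setup-WinRM.ps1 -TrustedHosts "10.48.130.100,10.48.130.101"

.EXAMPLE
    .\Setup-WinRM.ps1 -TrustedHosts "*"

.NOTES
    Author: System Administrator
    Date: 2025-09-26
    Version: 1.0
#>

param(
    [Parameter(Mandatory=$false)]
    [string]$TrustedHosts = "",

    [Parameter(Mandatory=$false)]
    [string[]]$TestConnection = @()
)

# Prints the WinRM service state, the number of configured listeners and the
# current client TrustedHosts value. Read-only; any failure is reported and swallowed.
function Show-WinRMStatus {
    Write-Host "=== Current WinRM Configuration ===" -ForegroundColor Cyan

    try {
        $winrmStatus = Get-Service WinRM
        Write-Host "WinRM Service Status: $($winrmStatus.Status)" -ForegroundColor $(if($winrmStatus.Status -eq 'Running') {'Green'} else {'Red'})

        # Count listener objects from the WSMan provider. Counting the text lines
        # printed by "winrm enumerate" reports the number of output lines, not listeners.
        $listenerCount = @(Get-ChildItem WSMan:\localhost\Listener -ErrorAction Stop).Count
        Write-Host "WinRM Listeners: $listenerCount configured" -ForegroundColor Gray

        $currentTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
        Write-Host "Current Trusted Hosts: $currentTrustedHosts" -ForegroundColor Gray
    }
    catch {
        Write-Host "Error checking WinRM status: $($_.Exception.Message)" -ForegroundColor Red
    }
    Write-Host ""
}

# Applies the WinRM configuration described in the script help.
# Parameters: TrustedHosts - comma-separated list written to the client
#             TrustedHosts setting; empty means leave the setting untouched.
# Returns:    $true when every mandatory step succeeded, $false otherwise.
#             A firewall-rule failure is reported as a warning and is not fatal.
function Enable-WinRMConfiguration {
    param([string]$TrustedHosts)

    Write-Host "=== Configuring WinRM ===" -ForegroundColor Cyan

    try {
        # Enable PowerShell Remoting
        # NOTE(review): -SkipNetworkProfileCheck also enables remoting when a
        # network is classified as Public - confirm that is intended here.
        # Out-Null keeps any status text from this cmdlet out of the function's
        # return value; otherwise the caller's "if ($success)" would see an array,
        # which is truthy even when the last element is $false.
        Write-Host "Enabling PowerShell Remoting..." -ForegroundColor Yellow
        Enable-PSRemoting -Force -SkipNetworkProfileCheck -ErrorAction Stop | Out-Null
        Write-Host "[OK] PowerShell Remoting enabled" -ForegroundColor Green

        # Start WinRM service
        Write-Host "Starting WinRM service..." -ForegroundColor Yellow
        Start-Service WinRM -ErrorAction Stop
        Set-Service WinRM -StartupType Automatic -ErrorAction Stop
        Write-Host "[OK] WinRM service started and set to automatic" -ForegroundColor Green

        # Configure trusted hosts if specified
        if (-not [string]::IsNullOrEmpty($TrustedHosts)) {
            $hostEntries = $TrustedHosts -split ',' | ForEach-Object { $_.Trim() }
            if ($hostEntries -contains '*') {
                # A wildcard removes the only restriction on which unauthenticated
                # servers this client will send credentials to.
                Write-Host "[WARN] TrustedHosts '*' disables server identity checks for every host; prefer an explicit list" -ForegroundColor Yellow
            }

            # Set-Item overwrites the existing list rather than appending to it.
            Write-Host "Setting trusted hosts to: $TrustedHosts" -ForegroundColor Yellow
            Set-Item WSMan:\localhost\Client\TrustedHosts -Value $TrustedHosts -Force -ErrorAction Stop
            Write-Host "[OK] Trusted hosts configured" -ForegroundColor Green
        } else {
            Write-Host "[SKIP] No trusted hosts specified" -ForegroundColor Yellow
        }

        # Configure firewall
        Write-Host "Configuring Windows Firewall..." -ForegroundColor Yellow
        try {
            # -ErrorAction Stop makes a missing rule reach the catch below instead
            # of printing an error and then reporting [OK].
            Set-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)" -Enabled True -ErrorAction Stop
            Write-Host "[OK] Firewall rule enabled" -ForegroundColor Green
        }
        catch {
            Write-Host "[WARN] Could not configure firewall rule: $($_.Exception.Message)" -ForegroundColor Yellow
        }

        # Set authentication
        # NOTE(review): both settings widen what the WinRM service accepts.
        #   Basic   - the password is only base64-encoded, with no message-level
        #             encryption, so it is only safe over an HTTPS listener; this
        #             script opens the HTTP-In rule only.
        #   CredSSP - the caller's credentials are delegated to this host, so a
        #             compromised host can reuse them.
        # Confirm that the asset-collection scripts really need them; if they do
        # not, leave both at $false.
        Write-Host "Configuring authentication..." -ForegroundColor Yellow
        Set-Item WSMan:\localhost\Service\Auth\Basic -Value $true -ErrorAction Stop
        Set-Item WSMan:\localhost\Service\Auth\CredSSP -Value $true -ErrorAction Stop
        Write-Host "[OK] Authentication configured" -ForegroundColor Green

        Write-Host ""
        Write-Host "WinRM configuration completed successfully!" -ForegroundColor Green
    }
    catch {
        Write-Host "Error configuring WinRM: $($_.Exception.Message)" -ForegroundColor Red
        return $false
    }

    return $true
}

# Opens and immediately closes a PSSession to each computer with credentials
# prompted from the operator, printing [OK] or [FAIL] per host.
# Parameters: Computers - names or addresses to test; an empty list is a no-op.
function Test-WinRMConnections {
    param([string[]]$Computers)

    if ($Computers.Count -eq 0) {
        return
    }

    Write-Host "=== Testing WinRM Connections ===" -ForegroundColor Cyan

    $credential = Get-Credential -Message "Enter credentials for testing remote connections"
    if (-not $credential) {
        Write-Host "No credentials provided for testing" -ForegroundColor Yellow
        return
    }

    foreach ($computer in $Computers) {
        Write-Host "Testing connection to $computer..." -NoNewline
        try {
            $session = New-PSSession -ComputerName $computer -Credential $credential -ErrorAction Stop
            Remove-PSSession $session
            Write-Host " [OK]" -ForegroundColor Green
        }
        catch {
            Write-Host " [FAIL] $($_.Exception.Message)" -ForegroundColor Red
        }
    }
    Write-Host ""
}

# Prints the follow-up instructions for the operator. Output only.
function Show-NextSteps {
    Write-Host "=== Next Steps ===" -ForegroundColor Cyan
    Write-Host ""
    Write-Host "1. Ensure target computers have WinRM enabled:" -ForegroundColor Yellow
    Write-Host "   Run this script on each target computer:" -ForegroundColor White
    Write-Host "   .\Setup-WinRM.ps1" -ForegroundColor Gray
    Write-Host ""
    Write-Host "2. Create your computer list file:" -ForegroundColor Yellow
    Write-Host "   Copy shopfloor-pcs-example.txt to shopfloor-pcs.txt" -ForegroundColor White
    Write-Host "   Edit the file to include your actual computer IP addresses" -ForegroundColor White
    Write-Host ""
    Write-Host "3. Test connections:" -ForegroundColor Yellow
    Write-Host "   .\Invoke-RemoteAssetCollection.ps1 -ComputerList @('10.48.130.100') -TestConnections" -ForegroundColor Gray
    Write-Host ""
    Write-Host "4. Run asset collection:" -ForegroundColor Yellow
    Write-Host "   .\Invoke-RemoteAssetCollection.ps1 -ComputerListFile .\shopfloor-pcs.txt" -ForegroundColor Gray
    Write-Host "   or" -ForegroundColor White
    Write-Host "   .\Run-RemoteCollection.bat" -ForegroundColor Gray
    Write-Host ""
}

# Main execution
try {
    Write-Host "=== WinRM Setup Script ===" -ForegroundColor Cyan
    Write-Host "Date: $(Get-Date)" -ForegroundColor Gray
    Write-Host ""

    # Show current status
    Show-WinRMStatus

    # Configure WinRM
    $success = Enable-WinRMConfiguration -TrustedHosts $TrustedHosts

    if ($success) {
        # Show updated status
        Show-WinRMStatus

        # Test connections if requested
        if ($TestConnection.Count -gt 0) {
            Test-WinRMConnections -Computers $TestConnection
        }

        # Show next steps
        Show-NextSteps
    }
    else {
        # Report the failed configuration to callers and wrappers through the exit code.
        exit 1
    }
}
catch {
    Write-Host "Fatal error: $($_.Exception.Message)" -ForegroundColor Red
    exit 1
}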