Remoting

Posted on by

This post is part of the Second Wednesday Demo Session, Click here for more info about additional demo posts.

Here’s a quick introduction to Windows PowerShell remoting. First, we need to Enable remoting on the computers that we want to manage. This is done by using the Enable-PSRemoting cmdlet. Here’s an example.


PS > Enable-PSRemoting


WinRM Quick Configuration
Running command "Set-WSManQuickConfig" to enable this machine for remote management through
 This includes:
    1. Starting or restarting (if already started) the WinRM service
    2. Setting the WinRM service type to auto start
    3. Creating a listener to accept requests on any IP address
    4. Enabling firewall exception for WS-Management traffic (for http only).

Do you want to continue?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y
WinRM already is set up to receive requests on this machine.
WinRM has been updated for remote management.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
WinRM firewall exception enabled.

Confirm
Are you sure you want to perform this action?
Performing operation "Registering session configuration" on Target "Session configuration "M
not found. Running command "Register-PSSessionConfiguration Microsoft.PowerShell32 -processo
to create "Microsoft.PowerShell32" session configuration. This will restart WinRM service.".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y

When remoting is enabled on both the client and target computers you can run commands remote using WinRM. PowerShell includes a couple of CmdLets we can use. If we want to start an interactive session against a computer we can use Enter-PSSession.


PS > Enter-PSSession Client01 -Credential powershell\administrator

[client01]: PS C:\Users\Administrator\Documents>

Notice how we use the Credential parameter to specify different credentials.

When we are finished we call the Exit-PSSession CmdLet to end the Remote Session.


[client01]: PS C:\Users\Administrator\Documents> Exit-PSSession

PS >

If we want to run a set of commands against one or more remote computers without starting an interactive session we use the Invoke-Command cmdlet. Here’s an example.


PS > Invoke-Command -ComputerName Client01,Client02 -ScriptBlock {
>> Get-Process
>> } -Cred powershell\administrator
>>

In the example above we run Get-Process against Client01 and Client02. If you study the output from the example above you’ll notice that an additional property PSComputerName
is added. Also note that the object returned to your session are Deserialized “property bags”. These are not live objects, they are snapshots that have properties, but no methods.

When using the ComputerName parameter, each remote connection is opened when the command executes and closed after execution. It’s possible to keep a session open to perform additional actions using the
New-PSSession CmdLet. Here’s an example.


PS > $sessions = New-PSSession -ComputerName DC01,SP01 -Credential powershell\administrator

Now we can use the Session parameter when executing commands remote. Notice that we do not have to specify any Credentials since they are stored in the PSSession opened earlier.


PS > Invoke-Command -Session $sessions -ScriptBlock { Get-Process }

Finally, let’s take a look at CredSSP. CredSSP is used when we want our remote session to have full access to network resources. This is where CredSSP comes into play. You’ll also want to use
CredSSP in double-hop scenarios such as SharePoint remoting. To enable CredSSP you use the Enable-WSManCredSSP CmdLet both on the Client and Target computer. On the target machine, type:


PS > Enable-WSManCredSSP -Role Server


CredSSP Authentication Configuration for WS-Management
CredSSP authentication allows the server to accept user credentials
authentication on the server, the server will have access to the us
client computer sends them. For more information, see the Enable-WS
Do you want to enable CredSSP authentication?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y

cfg               : http://schemas.microsoft.com/wbem/wsman/1/confi
lang              : en-US
Basic             : false
Kerberos          : true
Negotiate         : true
Certificate       : false
CredSSP           : true
CbtHardeningLevel : Relaxed

On the Client computer we use the same command but change the Role to Client. We also specify the Server in the DelegateComputer parameter as shown below.


PS > Enable-WSManCredSSP -role client -delegatecomputer SP01.powershell.nu

Now we can run remote commands using CredSSP.


PS > Enter-PSSession -ComputerName SP01.powershell.nu -Authentication CredSSP -Credential powershell\spAdmin

Note that if you are running within a workgroup you have to enable CredSSP over NTLM.

Rating 4.00 out of 5
[?]

2 thoughts on “Remoting

  1. HI friends,
    thanks for such nice article. But i want to ask one question that, how to call powershell of other machine through application. Application will reside on machine which is outside the domain. Can anybody help?????????????

  2. Pingback: PowerShell: Cool Stuff, Error Handling, Remoting, Jobs, AD, SQL « MS Tech BLOG

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comment Spam Protection by WP-SpamFree