OwnBlog from DimiG    About    Archive    RSS

PowerShell remoting HowTo

I continue my articles regarding the PowerShell setup. This one will be dedicated to Remoting setup. PowerShell Remoting allows you get access the full PowerShell sessions on remote Windows systems.

By default the PowerShell is locked-down, so you’ll have to enable PowerShell Remoting before using it. Setup process is a little bit confusing if you’re using a WORKGROUP with a home network and NO Domain.

Setup the PowerShell Remoting you have to:
   1. Enabling PowerShell Remoting;
   2. Workgroup Setting Up;
   3. Testing the Connection;
   4. Starting a Remote Session.
OK, Let’s go to make it real.

All system manipulations with PowerShell configuration on remote computer need to be executed inside the PowerShell console in Administrator mode.
Look at my previous posts to get info how to do it.

To enable PowerShell Remoting, run the following command:

PS C:\> Enable-PSRemoting -Force

This command starts the WinRM service, configures it to start automatically on your system, and creates a FIREWALL rules that allows incoming connections. The -Force part of the command tells PowerShell to perform these actions without prompting you for every step.

If you have local computers without Domain you have to do the extra steps. Run the Enable-PSRemoting -Force command on the computer you want to connect from. On both computers, configure the TrustedHosts setting so the computers will trust each other. Any computer will connect by this command:

PS C:\> Set-Item wsman:\localhost\client\trustedhosts *

You can also replace the * with a comma-separated list of IP addresses or computer names.

On both computers, restart the WinRM service to give your new settings will take effect:

PS C:\> Restart-Service WinRM

Now we can test the connection by:

PS C:\> Test-WsMan COMPUTER

The COMPUTER name needs to replace on target computer name. If NO ERROR messages lets go to the last step.

Start the remote session is possible by this command:

PS C:\> Enter-PSSession -ComputerName COMPUTER`
>> -Credential USER

Replace the COMPUTER and USER names to your destination computer parameters.

If you prefer to invoke the single command on remote computer do this by:

PS C:\> Invoke-Command -ComputerName COMPUTER`
>> -ScriptBlock { COMMAND } -credential USERNAME

Additional Notes: If you enter into interactive session by Enter-PSSession command your profile file on remote computer won’t be loaded, so you won’t be able to use your personal aliases and functions there. So, you have to make additional tweaks for it.

You have to create the additional profile on the target machine which will be loaded on enter. On the target computer, where profile.ps1 contains all your functions give such command:

PS C:\> Register-PSSessionConfiguration -Name OwnProfile`
>> -StartupScript $PsHome\profile.ps1

OwnProfile is the name of new remote configuration.

So, now the remote command will looks like this:

PS C:\> Enter-PSSession -ComputerName COMPUTER`
>> -ConfigurationName OwnProfile -Credential USERNAME

By default the PowerShell Remoting allow administrators group connection only. If you plan to get remote access for users or any responsible staff you can configure it on remote computer by this command:

PS C:\> Set-PSSessionConfiguration -Name Microsoft.Powershell`
>> -ShowSecurityDescriptorUI

Answer Yes for all questions. I don’t publish the window screen-shot here cause you can do it easily by pop up panel in old Windows traditions. ;)

If any questions - write in the comments below. Have a nice day!