POWERSHELL 2.0 REMOTING

UK POWERSHELL USER GROUP

Jonathan Medd

I have a dream...........

Ben Pearce, Microsoft PFE, gave me that dream in Oct 2008.......

......and now that dream has come true!PowerShell Remoting is here and I can manage my entire Windows estate from the comfort of my Home Cinema.

PowerShell 2.0 – New Cmdlets with Remoting Functionality PowerShell 1.0 only had Get-WmiObject -

Computername PowerShell 2.0 has 35 cmdlets with

ComputerName paramter Examples: Get-Service, Restart-Computer,

Write-EventLog Use protocols such as RPC & DCOM Find them with Get-Command | Where-

Object {$_.definition -match 'computername'}

Software Requirements for Full-Fat Remoting

Typically HTTP on port 5985, open for WinRM 2.0. HTTPS on (5986)

PowerShell 2.0 and WinRM 2.0 So either:

Windows Server 2008 R2 or Windows 7Windows Server 2003 or Windows XP and

later with the Windows Management Framework Installed which includes PowerShell 2.0 and WinRM 2.0

Enable-PSRemoting

Run as administrator Confirmation of changes

Additional Requirements if in Workgroup not Domain If OS is XP then set Network Access: Sharing and

Security Model for local accounts) to Classic. Then, for any Windows Operating System, including

Windows XP, you will need to add the names of the remote computer(s) into the TrustedHosts setting of WinRM

Set-Item WSMan:localhost\Client\TrustedHosts -value ServerName

Enable via Group Policy

Allow automatic configuration of listeners Computer Configuration\Policies\Administrative Templates\

Windows Components\Windows Remote Management\WinRM Service\

Manual Firewall Settings

Enable Windows Remote Management

Interactive PowerShell Remoting

Enter-PSSession –ComputerName Server01

Similar to Telnet / SSH Kerberos authentication by default,

encryption can be added with SSL Exit-PSSession when finished.

Session is torn down at this point

Interactive PowerShell Remoting Demo

If we stopped at this point even this interactive story would be great……..

30 years of catch-up on remote command line management

SSH is so 2007.....

Persistent PowerShell Remoting

Persistent PowerShell Remoting

Let’s create multiple sessions and store them in a variable $sessions

$sessions = New-PSSession –ComputerName (Get-Content Servers.txt)

Can be accessed by cmdlets like Enter-PSSession or Invoke-Command

Are maintained after the session has been used, until timeout period expired

Basic Session Options

New-PSSession Parameters: -Credential: e.g. Domain01\User01 -Name: a friendly name to refer to them

with -Port: alternate port number to use -ThrottleLimit: max number of outbound

sessions from this command, 32 by default Other parameters are available, check Get-

Help!

Advanced Session Options

New-PSSessionOption Parameters: -IdleTimeout: Default is 4 mins -OpenTimeout -OperationTimeout -NoCompression Other parameters are available, check

Get-Help! Used via New-PSSession -

SessionOption

Advanced Session Options Set at the Destination

Register-PSSessionConfiguration Create customised session

configurations to present to remote connections.

-StartupScript: most interesting parameter

Used via New-PSSession -ConfigurationName

Using Persistent Sessions

Invoke-Command –Session $sessions –ScriptBlock {Get-Culture}

Note the PSComputerName Property returned Invoke-Command –Session $sessions –

FilePath C:\Scripts\QueryServer.ps1 You can now run any existing script against

all your remote servers

If you’re using Windows and not retiring in the next

12 – 18 months, you need to learn PowerShell!

Implicit PowerShell Remoting

Use Management Tools from remote servers on your client workstation

No need to install modules locally Import-PSSession –Session $session

–Module ActiveDirectory All cmdlets from Active Directory

module now available on local workstation

Obligatory Cloud Slide

Exchange Online (BPOS) $LiveCred = Get-Credential $Session = New-PSSession -ConnectionUri

https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session A Cloud Service Provider can supply you

with the tools you need to manage their service with no local installation required

Links

Simple-Talk Article http://www.simple-talk.com/sysadmin/powershell/new-remoting-features-in-powershell-2.0/

Administrators Guide to PowerShell Remoting http://powershell.com/cs/media/p/4908.aspx

Layman’s Guide to PowerShell Remoting http://www.ravichaganti.com/blog/?p=1305