PowerShell Remoting

In my most recent blog, I commented on Windows without windows. I was (and am) somewhat skeptical about Microsoft’s push to discourage the Graphical User Interface (GUI) interface on Windows servers. The GUI interface is more intuitive than PowerShell, but when managing a farm of remote servers, PowerShell can be more convenient and practical.

I worked in a redundant environment where some applications would run on over a dozen servers. When I deployed application updates, I would verify my work. Checking the status of an application by individually logging onto GUIs on a dozen or more servers would have been daunting and time consuming. Checking the status with PowerShell remoting is quicker, easier, and can be scripted.

There are several different PowerShell remoting commands. Many PowerShell commands have the “-computername” option in which an administrator can run a command on a local computer and execute the command over the network on one or multiple remote computers. That can be more efficient than signing on to multiple computers and running commands via the GUI.

Three common ways to PowerShell remote are:

Invoke-command -scriptblock {command} -computername {name(s) of computers separated by commas} [-Credential ]
You can place almost any PowerShell command between the curly braces. This is handy for PowerShell commands that don’t have the -computername option, or other commands that wouldn’t otherwise work remotely.
You can use the -credential option if you need to pass a logon and password.
A handy way to do that is:
$credential = get-credential

get-credential prompt

get-credential prompt

The above command will prompt for the logon and put encrypted credentials into a PowerShell variable
-credential is often unneeded in a domain environment and often needed needed in a workstation environment.

Invoke-command Example:
invoke-command -scriptblock {get process} -computername computer01, computer02 -Credential $credential

Another PowerShell remoting methodology is to open remote shell:
New-pssession {computer name remoting to} [-Credential ]
Enter-pssession {computer name remoting to} [-Credential ]
-credential is optional depending upon your environment

Finally, many PowerShell commands have the -computername option.
Example:
get-service -computername computer01,computer02

Unfortunately many of these commands do not have the -credential paramater. Using commands in a non-domain environment may be problematic.

Remote PowerShell doesn’t always work “out of the box”

The setup can vary depending if the client and destination computers on a workstation computer or a domain computer.

In general, these are the necessary set-up commands:

Remote computer: Enable-PSRemoting
Client computer (this is the computer you are remoting from):
set-item wsman:\localhost\Client\TrustedHosts -value [computer name/s or “*”)

You can check the value by:
get-item wsman:\localhost\Client\TrustedHosts

Some remoting commands require special setup. For example,
get-process requires the remoteregistry service to be running on the destination computer

Summary

Remote Desktop (RDP) with the GUI is an intuitive way of managing computers. If you are monitoring or managing just one or two computers, RDP with GUI can be the way to go. If you are managing a bunch of computers, PowerShell remoting can be handier, easier, and more efficient.

You may also like...