How to Setup Windows PowerShell Remote v 2.0
The ability to create a remote connection is the most important difference between PowerShell v 1.0 and 2.0. However, setting up remoting for the first time, is one of the most difficult tasks in PowerShell, especially in non-domain environments. But no worries, I will lead through the steps and anticipate some of the potential problems with WinRm and TrustedHosts.
PowerShell Remoting Tutorial Topics
- Introduction to PowerShell Remote
- Our PowerShell ‘Remoting’ Mission
- Two Types of Remote PowerShell
- WinRm – The Pre-requisite for Remote PowerShell
- Create a PowerShell Remote Session
- Troubleshooting PowerShell Remote Problems
- Remote Execution Enabler for PowerShell
PowerShell 1.0 is easier to learn than v 2.0, largely because there are few cmdlets and certainly no ability to create a remote session. However, for those who mastered the basics of v 1.0, this inability to run scripts against another machine soon becomes a severe limitation. Furthermore, once you have a working knowledge of PowerShell, then setting up remoting is not so hard after all. It’s almost as though PowerShell 2.0 has this built in hurdle, you won’t be able to use remoting until your good enough to find, and then control, the TrustedHosts configuration.
In many ways my remote PowerShell tutorial reminds me of learning Telnet. Sitting at our own keyboard, yet running the wonderful PowerShell commands against another machine transforms what we can achieve in terms of configuring settings and collecting data about your network empire.
The crucial component for this mission to get remote PowerShell working is WinRm. If you have used a command line program such as NetSh then the techniques for configuring WinRm will be vaguely familiar.
I have divided this Remote PowerShell tutorial into four sections, this breakdown is particularly handy for troubleshooting.
- Install WinRm
- Enable PowerShell Remoting
- Set TrustedHosts *
- Create a Remote Session with PSSession
Goal – To Install the WinRm Service
The problem in explaining how to install WinRm is that each operating system has a different requirement. Windows 7 and Server 2008 R2 already have WinRm, so there is no need worry about installing this service. However, for Vista, XP and Windows Server 2008 you need to download the files from Microsoft and install WinRm. Any doubts on what your machine already has installed either check the Services mmc, or better still use PowerShell and try: Get-Service winrm.
Goal – To Enable PowerShell Remoting
Launch PowerShell v 2.0 as an administrator then try this:
Note that unlike PSSession commands, this function only has one ‘S’ – PSRemoting. Actually, the underling cmdlet is Enable-PSSessionConfiguration. Running Enable-PSRemoting cmdlet achieves the following:
Starts the WinRM service and sets the startup type to Automatic. Enables a firewall exception for WS-Management communications. Creates a listener to accept requests on any IP address.
SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
What I like best is the way NPM suggests solutions to network problems. Its also has the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.
First let us digress and check for PowerShell ‘providers’.
The point of the other command is to show the existence of the WSMan namespace which maps to WinRm. Next we can check its config settings in general and TrustedHosts in particular.
# PowerShell Remoting
Note 1: Beware, plain ‘cd wsman’ fails, we need that colon.
Note 2: You can usually omit the line ‘cd localhost\client’.
Crucial Goal – Configure TrustedHosts *
The concept is straightforward; on the ‘Victim’ machine, the one you are connecting to, you must specify which servers are allowed to connect, these are known as the trusted hosts. Thus if you are on a server called ‘BigServe’, before you can remote to ‘LittleComputer’ you must set TrustedHosts on LittleComputer.
Important: this script will not work unless you are in the localhost\client folder of the WSMan namespace, see above instruction. This method comes into its own in non-domain situation. If you have an Active Directory domain then you can configure TrustedHosts via Group Policy.
# Remote PowerShell Set TrustedHosts
Set-Item TrustedHosts *
# Please remove the # from the next line
# Restart-Service winrm
Note 3: You could simplify the above command to:
Set-Item WSMan:\localhost\Client\TrustedHosts *