Enable Remote Commands in Windows PowerShell (Windows Remote Management)

Posted on by

Using WS-Management (WinRM 2.0), Windows PowerShell 2.0 allows scripts and cmdlets to be invoked on a remote machine.

TheĀ Goal

We have two Windows Server 2008 VMs:

  1. Webserver A with an IP address 1.1.1.1 (DNS: remote.example.com)
  2. Server B with an IP 2.2.2.2

We want to run PowerShell commands on the webserver A from the server B.

Configuration

Server A

Open Windows PowerShell and configure the webserver to receive PowerShell remote commands sent by using the WS-Management. Note that On Windows Server 2012, Windows PowerShell remoting is enabled by default.

PS> Enable-PSRemoting -Force

Add server’s B IP address to trusted hosts:

PS> Set-Item wsman:\localhost\client\trustedhosts 2.2.2.2

To view the list of trusted hosts, do:

PS> get-item wsman:\localhost\client\trustedhosts

WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Client

Name            Value         Type
----            -----         ----
TrustedHosts    2.2.2.2       System.String

Restart WinRM service and check if the server is listening on a TCP port 5985:

PS> Restart-Service WinRM
PS> netstat -na | findstr :5985
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING
  TCP    [::]:5985              [::]:0                 LISTENING

You can also use the following command to see the specific IPs on which WinRM is listening: 

PS> winrm enumerate winrm/config/listener

Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 10.1.2.3, 127.0.0.1, ::1, [OUTPUT TRUNCATED]

Firewall needs to be configured to allow traffic to TCP port 5985.

Server B

Run the following commands on the server B:

PS> Enable-PSRemoting -Force

Add server’s A IP address and DNS name to trusted hosts:

PS> Set-Item wsman:\localhost\client\trustedhosts 1.1.1.1
PS> Set-Item wsman:\localhost\client\trustedhosts remote.example.com

Restart WinRM service:

PS> Restart-Service WinRM

Test Windows Remote Management connection to the server A:

PS> Test-WsMan 1.1.1.1
wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor   : Microsoft Corporation
ProductVersion  : OS: 0.0.0 SP: 0.0 Stack: 2.0

Using Windows Remote Management

Non-interactive Login with Plaintext Credentials

PS> $password = ConvertTo-SecureString "plaintext-password" -AsPlainText -Force
PS> $cred= New-Object System.Management.Automation.PSCredential ("username", $password )
PS> Enter-PSSession -ComputerName 1.1.1.1 -Credential $cred
[1.1.1.1]: PS C:\Users\username\Documents>

Run Commands on the Remote System

The example below shows how to stop an IIS site called “blog”, change its physical path and then put the site back online:

PS> Invoke-Command -ComputerName 1.1.1.1 -Credential $cred -ScriptBlock {C:\Windows\System32\inetsrv\appcmd.exe stop site "blog"}
PS> Invoke-Command -ComputerName 1.1.1.1 -Credential $cred -ScriptBlock {C:\Windows\System32\inetsrv\appcmd.exe set vdir "blog/" -physicalPath:"C:\inetpub\blog_new"}
PS> Invoke-Command -ComputerName 1.1.1.1 -Credential $cred -ScriptBlock {C:\Windows\System32\inetsrv\appcmd.exe start site "blog"}

Leave a Reply

Your email address will not be published. Required fields are marked *