PowerShell V2 introduces a new capability that allows you to remotely manage machines in your organization. You may have already tried this new feature. In this blog, I will show how an administrator can manage different remote sessions (created by different users from different clients).
Scenario: Using PowerShell remoting, normal users can perform non-admin tasks on a machine remotely. There might be situations where an Administrator of the machine wants to terminate specific sessions created by specific users.
This Administrator task can be achieved by just restarting the WinRM service. However, this is not a good solution, as it would close all the remote sessions, including the Administrator's sessions (if any). To remove specific sessions, WSMan/WinRM provides the cmdlets Get-WSManInstance and Remove-WSManInstance. I will show you how this works.
# Create a remote session as a normal user
PS C:\> $env:computername
KRISCV-LH
PS C:\> $s = nsn kriscv-jhoom -cred kriscv-jhoom\testuser -Authentication negotiate
PS C:\> $s
Id Name      ComputerName  State   ConfigurationName     Availability
-- ----      ------------  -----   -----------------     ------------
 6 Session6  kriscv-jhoom  Opened  Microsoft.PowerShell  Available
PS C:\>
From machine KRISCV-LH, I connected to KRISCV-JHOOM as testuser. This testuser is not an admin on Kriscv-Jhoom. Let's say this testuser is consuming a lot of CPU on Kriscv-Jhoom and preventing others from doing their work. In this scenario, the Administrator of Kriscv-Jhoom can delete the remote sessions created by testuser using the Get-WSManInstance and Remove-WSManInstance cmdlets. These cmdlets are remote enabled, meaning that they can be run either locally on Kriscv-Jhoom or from a remote machine (you must provide Administrator credentials). Let's see how this works:
PS C:\> $env:computername
KRISCV-Win7
PS C:\> Get-WSManInstance -ConnectionURI http://kriscv-jhoom.wingroup.windeploy.ntdev.microsoft.com:5985/wsman shell -enumerate -cred wingroup\kriscv
rsp : http://schemas.microsoft.com/wbem/wsman/1/windows/shell
lang : en-US
ShellId : 884D2DB4-C454-4F1C-9AF6-A7DA3D5D8BD7
ResourceUri : http://schemas.microsoft.com/powershell/Microsoft.PowerShell
Owner : kriscv-jhoom\testuser
ClientIP : 2001:4898:2b:2:4878:5933:c82c:2cbd
IdleTimeOut : PT180.000S
InputStreams : stdin pr
OutputStreams : stdout
ShellRunTime : P0DT0H17M33S
ShellInactivity : P0DT0H0M33S
Notice how I am using Get-WSManInstance. In the ConnectionURI parameter, I am using port number 5985 because the WinRM/WSMan service on Kriscv-Jhoom is listening on this port. That brings us to the port change: by default, starting from Win7 RC, WinRM listens on port 5985, not port 80 (for HTTP traffic). The /WSMan portion of the URI indicates that we want the remote sessions serviced by the WSMan (WinRM) service.
Notice the output: for each remotely created session you get information such as the user who created the session (Owner), the client machine from which the session was established (ClientIP), the ID (ShellId), and the runtime (ShellRunTime) describing how many days, hours, minutes and seconds the session has been active.
To remove the session, use the Remove-WSManInstance cmdlet, supplying the ID like this:
PS C:\> remove-WSManInstance -ConnectionURI http://kriscv-jhoom.wingroup.windeploy.ntdev.microsoft.com:5985/wsman shell @{ShellID="884D2DB4-C454-4F1C-9AF6-A7DA3D5D8BD7"} -cred wingroup\kriscv
This will remove the session created by testuser!!
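The enumerate-then-remove steps above can be combined so that every shell owned by one account is removed in a single call. This is an added example, not code from the original post: the function name Remove-WSManShellByOwner, its parameters, and the server name in the usage comment are hypothetical, and it assumes the target listens on the default HTTP port 5985 and that you hold Administrator credentials for it.

```powershell
# Added example (not from the original post); function and parameter names are hypothetical.
function Remove-WSManShellByOwner {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [Parameter(Mandatory = $true)] [string] $Owner,   # e.g. 'kriscv-jhoom\testuser'
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential] $Credential,
        [int] $Port = 5985                                # default WinRM HTTP port
    )

    $uri = "http://${ComputerName}:$Port/wsman"

    # Enumerate every shell the WinRM service on the target is hosting.
    $shells = @(Get-WSManInstance -ConnectionURI $uri -ResourceURI shell `
                    -Enumerate -Credential $Credential)

    # Keep only the shells created by the named account (-eq is case-insensitive).
    $targets = @($shells | Where-Object { $_.Owner -eq $Owner })

    foreach ($shell in $targets) {
        $what = "shell $($shell.ShellId) owned by $($shell.Owner) from $($shell.ClientIP)"

        # ShouldProcess honours -WhatIf / -Confirm, so a dry run removes nothing.
        if ($PSCmdlet.ShouldProcess($uri, "Remove $what")) {
            Remove-WSManInstance -ConnectionURI $uri -ResourceURI shell `
                -SelectorSet @{ ShellID = $shell.ShellId } -Credential $Credential
        }

        # Emit one record per matched shell so there is a trail of what was targeted.
        New-Object PSObject -Property @{
            ShellId      = $shell.ShellId
            Owner        = $shell.Owner
            ClientIP     = $shell.ClientIP
            ShellRunTime = $shell.ShellRunTime
        }
    }
}

# Dry run first ('server01' is a placeholder host name):
# Remove-WSManShellByOwner -ComputerName server01 -Owner 'server01\testuser' `
#     -Credential (Get-Credential) -WhatIf
```

Because the filter is on Owner, the Administrator's own shells on the same machine are left untouched, which is the advantage over restarting the WinRM service.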
Now let's see how this is reflected in the $s (session) variable created by testuser on Kriscv-LH:
PS C:\> $env:computername
KRISCV-LH
PS C:\> $s
Id Name      ComputerName  State   ConfigurationName     Availability
-- ----      ------------  -----   -----------------     ------------
 6 Session6  kriscv-jhoom  Broken  Microsoft.PowerShell  None
The session is Broken!! So testuser has to create a new session to continue his work. An Administrator can choose to totally block testuser from creating any session remotely using the "Set-PSSessionConfiguration" cmdlet. The -ShowSecurityDescriptorUI parameter will show a nice UI to make these decisions easily.
Thanks
Krishna
Windows PowerShell Development
This posting is provided “AS IS” with no warranties.