Summary: Microsoft Scripting Guy Ed Wilson shows how to use Windows PowerShell cmdlets to administer remote computers.
Hey, Scripting Guy! I need to be able to work with remote computers. Is there a good way to do this with Windows PowerShell?
— DN
Hello DN, Microsoft Scripting Guy Ed Wilson here. I was recently reading Shakespeare’s The Tragedy of Hamlet, Prince of Denmark again when I ran across his famous soliloquy. One reason for reading Shakespeare, for me, is to try to expand my horizons beyond geekdom; unfortunately, it is not working. I am a geek at heart. As my eyes scanned across the pages of Bevington drawing me deeper and deeper into the world of intrigue, revenge, and scandal, I still could not still my inner geek. I could not help myself; I began to translate Hamlet into Windows PowerShell. Here is the tragic Hamlet’s soliloquy.
PS C:\> $2b = “hamlet”
PS C:\> $question = ($2b -OR !($2b))
PS C:\> $question
True
PS C:\>
One thing to be aware of, the parentheses around the question are not required. In addition to using parentheses for grouping, I also like to use them to make code easier to read. Easier to read, is of course, sometimes a matter of personal preference. The question, without parentheses appears here.
$question = $2b -OR !$2b
Speaking of Denmark, the following figure is a picture I took of the Copenhagen Opera House. I was able to attend the ballet there one night while I was in Copenhagen, Denmark teaching a Windows PowerShell class.
The cool thing about the Copenhagen Opera House is that it is on an island, and I had to take a water taxi to access it. The Royal Danish Theatre is in the central part of Copenhagen. The new opera house is more remote.
Speaking of remote, DN, Windows PowerShell 2.0 incorporates a strong remoting solution that lets you work remotely. The problem is that remoting will not work with the default configuration of Windows. There are basically two kinds of remoting included with Windows PowerShell 2.0.
The first kind of remoting, uses the computername parameter. In Windows PowerShell 1.0 only one cmdlet contained a computername parameter; that cmdlet was the Get-WmiObject cmdlet. The remoting capability that is exposed with the Get-WmiObject cmdlet is the same remoting capability that is native in Windows Management Instrumentation (WMI). It relies on DCOM, and in order to use it, you have to open ports in the Windows Firewall. In addition, you must be a member of the Local Administrators group on the remote computer (although it is possible to change the security permissions for WMI to enable a non-admin access).
To find the Windows PowerShell cmdlets that natively support remoting I only have to use the Get-Help cmdlet. By specifying a value of computername for the parameter parameter of the Get-Help Windows PowerShell cmdlet I can find all the cmdlets that have a parameter named computername. The command and associated output is here.
PS C:\> Get-Help * -Parameter computername | Format-Table name, synopsis -AutoSize -Wrap
Name Synopsis
—- ——–
Get-WinEvent Gets events from event logs and event tracing log files on loca
l and remote computers.
Get-Counter Gets performance counter data from local and remote computers.
Test-WSMan Tests whether the WinRM service is running on a local or remote
computer.
Invoke-WSManAction Invokes an action on the object that is specified by the Resour
ce URI and by the selectors.
Connect-WSMan Connects to the WinRM service on a remote computer.
Disconnect-WSMan Disconnects the client from the WinRM service on a remote compu
ter.
Get-WSManInstance Displays management information for a resource instance specifi
ed by a Resource URI.
Set-WSManInstance Modifies the management information that is related to a resour
ce.
Remove-WSManInstance Deletes a management resource instance.
New-WSManInstance Creates a new instance of a management resource.
Invoke-Command Runs commands on local and remote computers.
New-PSSession Creates a persistent connection to a local or remote computer.
Get-PSSession Gets the Windows PowerShell sessions (PSSessions) in the curren
t session.
Remove-PSSession Closes one or more Windows PowerShell sessions (PSSessions).
Receive-Job Gets the results of the Windows PowerShell background jobs in t
he current session.
Enter-PSSession Starts an interactive session with a remote computer.
Get-EventLog Gets the events in an event log, or a list of the event logs, o
n the local or remote computers.
Clear-EventLog Deletes all entries from specified event logs on the local or r
emote computers.
Write-EventLog Writes an event to an event log.
Limit-EventLog Sets the event log properties that limit the size of the event
log and the age of its entries.
Show-EventLog Displays the event logs of the local or a remote computer in Ev
ent Viewer.
New-EventLog Creates a new event log and a new event source on a local or re
mote computer.
Remove-EventLog Deletes an event log or unregisters an event source.
Get-WmiObject Gets instances of Windows Management Instrumentation (WMI) clas
ses or information about the available classes.
Invoke-WmiMethod Calls Windows Management Instrumentation (WMI) methods.
Get-Process Gets the processes that are running on the local computer or a
remote computer.
Remove-WmiObject Deletes an instance of an existing Windows Management Instrumen
tation (WMI) class.
Register-WmiEvent Subscribes to a Windows Management Instrumentation (WMI) event.
Get-Service Gets the services on a local or remote computer.
Set-Service Starts, stops, and suspends a service, and changes its properti
es.
Set-WmiInstance Creates or updates an instance of an existing Windows Managemen
t Instrumentation (WMI) class.
Get-HotFix Gets the hotfixes that have been applied to the local and remot
e computers.
Test-Connection Sends ICMP echo request packets (“pings”) to one or more comput
ers.
Restart-Computer Restarts (“reboots”) the operating system on local and remote c
omputers.
Stop-Computer Stops (shuts down) local and remote computers.
PS C:\>
As you can see, many of the Windows PowerShell cmdlets that have a computername parameter are related to either wsman, or to working with Windows PowerShell sessions. If I remove those cmdlets from the output, a more streamlined list results. The command I used to do this is shown here where I used the question mark alias (?) for the Where-Object cmdlet.
PS C:\> Get-Help * -Parameter computername | ? { $_.name -notmatch “WSMan” -AND $_.Na
me -notmatch “PSSession”}
Name Category Synopsis
—- ——– ——–
Get-WinEvent Cmdlet Gets events from event logs and event…
Get-Counter Cmdlet Gets performance counter data from lo…
Invoke-Command Cmdlet Runs commands on local and remote com…
Receive-Job Cmdlet Gets the results of the Windows Power…
Get-EventLog Cmdlet Gets the events in an event log, or a…
Clear-EventLog Cmdlet Deletes all entries from specified ev…
Write-EventLog Cmdlet Writes an event to an event log.
Limit-EventLog Cmdlet Sets the event log properties that li…
Show-EventLog Cmdlet Displays the event logs of the local …
New-EventLog Cmdlet Creates a new event log and a new eve…
Remove-EventLog Cmdlet Deletes an event log or unregisters a…
Get-WmiObject Cmdlet Gets instances of Windows Management …
Invoke-WmiMethod Cmdlet Calls Windows Management Instrumentat…
Get-Process Cmdlet Gets the processes that are running o…
Remove-WmiObject Cmdlet Deletes an instance of an existing Wi…
Register-WmiEvent Cmdlet Subscribes to a Windows Management In…
Get-Service Cmdlet Gets the services on a local or remot…
Set-Service Cmdlet Starts, stops, and suspends a service…
Set-WmiInstance Cmdlet Creates or updates an instance of an …
Get-HotFix Cmdlet Gets the hotfixes that have been appl…
Test-Connection Cmdlet Sends ICMP echo request packets (“pin…
Restart-Computer Cmdlet Restarts (“reboots”) the operating sy…
Stop-Computer Cmdlet Stops (shuts down) local and remote c…
PS C:\>
Some cmdlets let you specify credentials. This enables you to use a different user account than the one that is currently logged on. This is seen here.
PS C:\> Get-WinEvent -LogName application -MaxEvents 1 -ComputerName ex1 -Credential
nwtraders\administrator
TimeCreated ProviderName Id Message
———– ———— — ——-
11/9/2010 11:54:14 AM MSExchange ADAccess 2080 Process MAD.EXE (…
PS C:\>
When the command runs, a dialog box is displayed to enable me to type the credentials. The dialog box is seen in the following figure.
Other cmdlets, such as Get-Service or Get-Process do not have a credential parameter. Therefore, the command impersonates the user who is logged on. This is illustrated here.
PS C:\> Get-Service -ComputerName hyperv -Name bits
Status Name DisplayName
—— —- ———–
Running bits Background Intelligent Transfer Ser…
PS C:\>
However, by holding down the Shift Key and right-clicking on the Windows PowerShell icon, I bring up an action menu that enables me to run the program as a different user. This menu is seen in the following figure.
The credential dialog box, as seen in the following figure, appears.
By using the Run As Different User dialog box, alternative credentials can be used for Windows PowerShell cmdlets that do not support the credential parameter.
DN, that is all there is to using the Windows PowerShell cmdlets that support remoting. Remoting week will continue tomorrow when I will talk about how to use Windows PowerShell remoting.
I invite you to follow me on Twitter or Facebook. If you have any questions, send email to me at scripter@microsoft.com or post them on the Official Scripting Guys Forum.. See you tomorrow. Until then, peace.
Ed Wilson, Microsoft Scripting Guy
0 comments