November 15th, 2010

Use PowerShell Cmdlets to Administer Windows Remotely


Summary: Microsoft Scripting Guy Ed Wilson shows how to use Windows PowerShell cmdlets to administer remote computers.

 

Hey, Scripting Guy! QuestionHey, Scripting Guy! I need to be able to work with remote computers. Is there a good way to do this with Windows PowerShell?

— DN

 

Hey, Scripting Guy! AnswerHello DN, Microsoft Scripting Guy Ed Wilson here. I was recently reading Shakespeare’s The Tragedy of Hamlet, Prince of Denmark  again when I ran across his famous soliloquy. One reason for reading Shakespeare, for me, is to try to expand my horizons beyond geekdom; unfortunately, it is not working. I am a geek at heart. As my eyes scanned across the pages of Bevington drawing me deeper and deeper into the world of intrigue, revenge, and scandal, I still could not still my inner geek. I could not help myself; I began to translate Hamlet into Windows PowerShell. Here is the tragic Hamlet’s soliloquy.

PS C:\> $2b = “hamlet”
PS C:\> $question = ($2b -OR !($2b))
PS C:\> $question
True
PS C:\>

 

One thing to be aware of, the parentheses around the question are not required. In addition to using parentheses for grouping, I also like to use them to make code easier to read. Easier to read, is of course, sometimes a matter of personal preference. The question, without parentheses appears here.

$question = $2b -OR !$2b

 

Speaking of Denmark, the following figure is a picture I took of the Copenhagen Opera House. I was able to attend the ballet there one night while I was in Copenhagen, Denmark teaching a Windows PowerShell class.

 

The cool thing about the Copenhagen Opera House is that it is on an island, and I had to take a water taxi to access it. The Royal Danish Theatre is in the central part of Copenhagen. The new opera house is more remote.

Speaking of remote, DN, Windows PowerShell 2.0 incorporates a strong remoting solution that lets you work remotely. The problem is that remoting will not work with the default configuration of Windows. There are basically two kinds of remoting included with Windows PowerShell 2.0.

The first kind of remoting, uses the computername parameter. In Windows PowerShell 1.0 only one cmdlet contained a computername parameter; that cmdlet was the Get-WmiObject cmdlet. The remoting capability that is exposed with the Get-WmiObject cmdlet is the same remoting capability that is native in Windows Management Instrumentation (WMI). It relies on DCOM, and in order to use it, you have to open ports in the Windows Firewall. In addition, you must be a member of the Local Administrators group on the remote computer (although it is possible to change the security permissions for WMI to enable a non-admin access).

To find the Windows PowerShell cmdlets that natively support remoting I only have to use the Get-Help cmdlet. By specifying a value of computername for the parameter parameter of the Get-Help Windows PowerShell cmdlet I can find all the cmdlets that have a parameter named computername. The command and associated output is here.

PS C:\> Get-Help * -Parameter computername | Format-Table name, synopsis -AutoSize -Wrap

 

Name                 Synopsis

—-                 ——–

Get-WinEvent         Gets events from event logs and event tracing log files on loca

                     l and remote computers.

Get-Counter          Gets performance counter data from local and remote computers.

Test-WSMan           Tests whether the WinRM service is running on a local or remote

                      computer.

Invoke-WSManAction   Invokes an action on the object that is specified by the Resour

                     ce URI and by the selectors.

Connect-WSMan        Connects to the WinRM service on a remote computer.

Disconnect-WSMan     Disconnects the client from the WinRM service on a remote compu

                     ter.

Get-WSManInstance    Displays management information for a resource instance specifi

                     ed by a Resource URI.

Set-WSManInstance    Modifies the management information that is related to a resour

                     ce.

Remove-WSManInstance Deletes a management resource instance.

New-WSManInstance    Creates a new instance of a management resource.

Invoke-Command       Runs commands on local and remote computers.

New-PSSession        Creates a persistent connection to a local or remote computer.

Get-PSSession        Gets the Windows PowerShell sessions (PSSessions) in the curren

                     t session.

Remove-PSSession     Closes one or more Windows PowerShell sessions (PSSessions).

Receive-Job          Gets the results of the Windows PowerShell background jobs in t

                     he current session.

Enter-PSSession      Starts an interactive session with a remote computer.

Get-EventLog         Gets the events in an event log, or a list of the event logs, o

                     n the local or remote computers.

Clear-EventLog       Deletes all entries from specified event logs on the local or r

                     emote computers.

Write-EventLog       Writes an event to an event log.

Limit-EventLog       Sets the event log properties that limit the size of the event

                     log and the age of its entries.

Show-EventLog        Displays the event logs of the local or a remote computer in Ev

                     ent Viewer.

New-EventLog         Creates a new event log and a new event source on a local or re

                     mote computer.

Remove-EventLog      Deletes an event log or unregisters an event source.

Get-WmiObject        Gets instances of Windows Management Instrumentation (WMI) clas

                     ses or information about the available classes.

Invoke-WmiMethod     Calls Windows Management Instrumentation (WMI) methods.

Get-Process          Gets the processes that are running on the local computer or a

                     remote computer.

Remove-WmiObject     Deletes an instance of an existing Windows Management Instrumen

                     tation (WMI) class.

Register-WmiEvent    Subscribes to a Windows Management Instrumentation (WMI) event.

Get-Service          Gets the services on a local or remote computer.

Set-Service          Starts, stops, and suspends a service, and changes its properti

                     es.

Set-WmiInstance      Creates or updates an instance of an existing Windows Managemen

                     t Instrumentation (WMI) class.

Get-HotFix           Gets the hotfixes that have been applied to the local and remot

                     e computers.

Test-Connection      Sends ICMP echo request packets (“pings”) to one or more comput

                     ers.

Restart-Computer     Restarts (“reboots”) the operating system on local and remote c

                     omputers.

Stop-Computer        Stops (shuts down) local and remote computers.

 

 

PS C:\>

 

As you can see, many of the Windows PowerShell cmdlets that have a computername parameter are related to either wsman, or to working with Windows PowerShell sessions. If I remove those cmdlets from the output, a more streamlined list results. The command I used to do this is shown here where I used the question mark alias (?) for the Where-Object cmdlet.

PS C:\> Get-Help * -Parameter computername | ? { $_.name -notmatch “WSMan” -AND $_.Na
me -notmatch “PSSession”}

Name                              Category  Synopsis
—-                              ——–  ——–
Get-WinEvent                      Cmdlet    Gets events from event logs and event…
Get-Counter                       Cmdlet    Gets performance counter data from lo…
Invoke-Command                    Cmdlet    Runs commands on local and remote com…
Receive-Job                       Cmdlet    Gets the results of the Windows Power…
Get-EventLog                      Cmdlet    Gets the events in an event log, or a…
Clear-EventLog                    Cmdlet    Deletes all entries from specified ev…
Write-EventLog                    Cmdlet    Writes an event to an event log.
Limit-EventLog                    Cmdlet    Sets the event log properties that li…
Show-EventLog                     Cmdlet    Displays the event logs of the local …
New-EventLog                      Cmdlet    Creates a new event log and a new eve…
Remove-EventLog                   Cmdlet    Deletes an event log or unregisters a…
Get-WmiObject                     Cmdlet    Gets instances of Windows Management …
Invoke-WmiMethod                  Cmdlet    Calls Windows Management Instrumentat…
Get-Process                       Cmdlet    Gets the processes that are running o…
Remove-WmiObject                  Cmdlet    Deletes an instance of an existing Wi…
Register-WmiEvent                 Cmdlet    Subscribes to a Windows Management In…
Get-Service                       Cmdlet    Gets the services on a local or remot…
Set-Service                       Cmdlet    Starts, stops, and suspends a service…
Set-WmiInstance                   Cmdlet    Creates or updates an instance of an …
Get-HotFix                        Cmdlet    Gets the hotfixes that have been appl…
Test-Connection                   Cmdlet    Sends ICMP echo request packets (“pin…
Restart-Computer                  Cmdlet    Restarts (“reboots”) the operating sy…
Stop-Computer                     Cmdlet    Stops (shuts down) local and remote c…

PS C:\>

 

Some cmdlets let you specify credentials. This enables you to use a different user account than the one that is currently logged on. This is seen here.

PS C:\> Get-WinEvent -LogName application -MaxEvents 1 -ComputerName ex1 -Credential

nwtraders\administrator

 

TimeCreated           ProviderName                           Id Message

———–           ————                           — ——-

11/9/2010 11:54:14 AM MSExchange ADAccess                  2080 Process MAD.EXE (…

 

 

PS C:\>

 

When the command runs, a dialog box is displayed to enable me to type the credentials. The dialog box is seen in the following figure.

 

Other cmdlets, such as Get-Service or Get-Process do not have a credential parameter. Therefore, the command impersonates the user who is logged on. This is illustrated here.

PS C:\> Get-Service -ComputerName hyperv -Name bits

 

Status   Name               DisplayName

——   —-               ———–

Running  bits               Background Intelligent Transfer Ser…

 

 

PS C:\>

 

However, by holding down the Shift Key and right-clicking on the Windows PowerShell icon, I bring up an action menu that enables me to run the program as a different user. This menu is seen in the following figure.

 

The credential dialog box, as seen in the following figure, appears.

 

By using the Run As Different User dialog box, alternative credentials can be used for Windows PowerShell cmdlets that do not support the credential parameter.

DN, that is all there is to using the Windows PowerShell cmdlets that support remoting. Remoting week will continue tomorrow when I will talk about how to use Windows PowerShell remoting.

I invite you to follow me on Twitter or Facebook. If you have any questions, send email to me at scripter@microsoft.com or post them on the Official Scripting Guys Forum.. See you tomorrow. Until then, peace.

 

Ed Wilson, Microsoft Scripting Guy 

 

Author

0 comments

Discussion are closed.