{"id":4395,"date":"2012-12-30T06:00:00","date_gmt":"2012-12-30T06:00:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2012\/12\/30\/understanding-powershell-remote-management\/"},"modified":"2012-12-30T06:00:00","modified_gmt":"2012-12-30T06:00:00","slug":"understanding-powershell-remote-management","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/understanding-powershell-remote-management\/","title":{"rendered":"Understanding PowerShell Remote Management"},"content":{"rendered":"

Summary:<\/strong> Understanding Windows PowerShell remote management.<\/p>\n

Weekend Scripter: Enabling Windows remote management<\/h3>\n

Microsoft Scripting Guy, Ed Wilson, is here. Today I thought I would share a portion of my new Windows PowerShell 3.0 Step by Step<\/a> book published by Microsoft Press. This book is available for pre-order now.<\/p>\n

WinRM – Windows Remote Management<\/h4>\n

Windows Server 2012 installs with WinRm configured and running to support remote Windows PowerShell commands. WinRm is Microsoft’s implementation of the industry standard WS-Management Protocol. As such, WinRM provides a firewall friendly method of accessing remote systems in an interoperable manner. It is the remoting mechanism used by the new CIM cmdlets. As soon as the Windows Server 2012 is up and running, you can make a remote connection and run commands, or open an interactive Windows PowerShell console. Windows 8 client, on the other hand, ships with WinRm locked down. Therefore, the first step is to use the Enable-PSRemoting<\/strong> function to configure. When running the Enable-PSRemoting<\/strong> function, the following steps occur.<\/p>\n

1. Start or restart the WinRM service.
2. Setts the WInRM service startup type to Automatic.
3. Creates a listener to accept requests from any Internet Protocol address.
4. Enables inbound firewall excepts for ws-man traffic.
5. Sets a target listener named Microsoft.powershell.
6. Sets a target listener named Microsoft.powershell.workflow.
7. Sets a target listener named Microsoft.powershell32.\nDuring each step of this process the function prompts you to agree or not to performing the specified action. If you are familiar with the steps the function performs, and you do not make any changes from the defaults, you can run the command with the force <\/em>switched parameter and it will not prompt prior to making the changes. The syntax of this command appears here.<\/p>\n

Enable-PSRemoting -Force\nThe use of the Enable-PSRemoting function in interactive mode appears here, along with all associated output from the command.<\/p>\n

PS C:> Enable-PSRemoting\nWinRM Quick Configuration
Running command “Set-WSManQuickConfig” to enable remote management of this computer by using the Windows Remote Management (WinRM) service. This includes: <\/p>\n

1. Starting or restarting (if already started) the WinRM service 
2. Setting the WinRM service startup type to Automatic 
3. Creating a listener to accept requests on any IP address 
4. Enabling Windows Firewall inbound rule exceptions for WS-Management traffic <\/p>\n

(for http only).
Do you want to continue?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is “Y”):y
WinRM has been updated to receive requests.
WinRM service type changed successfully.
WinRM service started.
WinRM has been updated for remote management.
Created a WinRM listener on HTTP:\/\/* to accept WS-Man requests to any IP on this mac
hine.
WinRM firewall exception enabled.
Confirm
Are you sure you want to perform this action?
Performing operation “Set-PSSessionConfiguration” on Target “Name:
microsoft.powershell SDDL:
O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD). This will
allow selected users to remotely run Windows PowerShell commands on this computer”.
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is “Y”):y
Confirm
Are you sure you want to perform this action?
Performing operation “Set-PSSessionConfiguration” on Target “Name:
microsoft.powershell.workflow SDDL:
O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD). This will
allow selected users to remotely run Windows PowerShell commands on this computer”.
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is “Y”):y
Confirm
Are you sure you want to perform this action?
Performing operation “Set-PSSessionConfiguration” on Target “Name:
microsoft.powershell32 SDDL:
O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD). This will
allow selected users to remotely run Windows PowerShell commands on this computer”.
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is “Y”):y
PS C:>\nOnce configured, use the Test-WSMan<\/strong> cmdlet to ensure that the WinRM remoting is properly configured and is accepting requests. A properly configured system replies with the information appearing here.<\/p>\n

PS C:> Test-WSMan -ComputerName w8c504
wsmid : http:\/\/schemas.dmtf.org\/wbem\/wsman\/identity\/1\/wsmanidentity.xsd
ProtocolVersion : http:\/\/schemas.dmtf.org\/wbem\/wsman\/1\/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0\nThis cmdlet works with Windows PowerShell 2.0 remoting as well. The output appearing here is from a domain controller running Windows Server 2008 with Windows PowerShell 2.0 installed and WinRM configured for remote access.<\/p>\n

PS C:> Test-WSMan -ComputerName dc1<\/p>\n

wsmid : http:\/\/schemas.dmtf.org\/wbem\/wsman\/identity\/1\/wsmanidentity.xsd<\/p>\n

ProtocolVersion : http:\/\/schemas.dmtf.org\/wbem\/wsman\/1\/wsman.xsd<\/p>\n

ProductVendor : Microsoft Corporation<\/p>\n

ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 2.0\nIf WinRM is not configured, an error returns from the system. Such an error from a Windows 8 client appears here.<\/p>\n

PS C:> Test-WSMan -ComputerName w8c10
Test-WSMan : <f:WSManFault
xmlns:f=”http:\/\/schemas.microsoft.com\/wbem\/wsman\/1\/wsmanfault” Code=”2150859046″
Machine=”w8c504.iammred.net”><f:Message>WinRM cannot complete the operation. Verify
that the specified computer name is valid, that the computer is accessible over the
network, and that a firewall exception for the WinRM service is enabled and allows
access from this computer. By default, the WinRM firewall exception for public
profiles limits access to remote computers within the same local subnet.
<\/f:Message><\/f:WSManFault>
At line:1 char:1
+ Test-WSMan -ComputerName w8c10
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (w8c10:String) [Test-WSMan], Invali
dOperationException
+ FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.TestWSManComman
D\nKeep in mind that configuring WinRM via the Enable-PSRemoting<\/strong> function does not enable the Remote<\/em> Management<\/em> firewall exception, and therefore PING commands will not work by default when pinging to a Windows 8 client system. This appears here.<\/p>\n

PS C:> ping w8c504
Pinging w8c504.iammred.net [192.168.0.56] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.0.56:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss).\nPings to a Windows Server 2012, do however, work. This appears here.<\/p>\n

PS C:> ping w8s504
Pinging w8s504.iammred.net [192.168.0.57] with 32 bytes of data:
Reply from 192.168.0.57: bytes=32 time<1ms TTL=128
Reply from 192.168.0.57: bytes=32 time<1ms TTL=128
Reply from 192.168.0.57: bytes=32 time<1ms TTL=128
Reply from 192.168.0.57: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.0.57:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms\nWell, that is about it for understanding and enabling WinRM. Join me tomorrow as I bring another excerpt from my new Windows PowerShell 3.0 Step by Step book.\nI invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.\nEd Wilson, Microsoft Scripting Guy<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: Understanding Windows PowerShell remote management. Weekend Scripter: Enabling Windows remote management Microsoft Scripting Guy, Ed Wilson, is here. Today I thought I would share a portion of my new Windows PowerShell 3.0 Step by Step book published by Microsoft Press. This book is available for pre-order now. WinRM – Windows Remote Management Windows Server […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[377,57,3,4,61,45],"class_list":["post-4395","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-powershell","tag-remoting","tag-scripting-guy","tag-scripting-techniques","tag-weekend-scripter","tag-windows-powershell"],"acf":[],"blog_post_summary":"

Summary: Understanding Windows PowerShell remote management. Weekend Scripter: Enabling Windows remote management Microsoft Scripting Guy, Ed Wilson, is here. Today I thought I would share a portion of my new Windows PowerShell 3.0 Step by Step book published by Microsoft Press. This book is available for pre-order now. WinRM – Windows Remote Management Windows Server […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/4395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=4395"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/4395\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=4395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=4395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=4395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}