PowerShell Remoting
Published in: Technology
  • MGB 2003 © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
  • Transcript

    • 1. Finally! Full-On Remote Computer Management (with PowerShell v2)
      • Don Jones, ConcentratedTech.com
      • Pre-requisites for this presentation:
        • 1) Strong understanding of basic Windows administration
        • 2) Basic understanding of Windows PowerShell v2 use
      • Level: Advanced
    • 2. This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it within your own organization however you like. For more information on our company, including information on private classes and upcoming conference appearances, please visit our Web site, www.ConcentratedTech.com . For links to newly-posted decks, follow us on Twitter: @concentrateddon or @concentratdgreg This work is copyright ©Concentrated Technology, LLC
    • 3. About the Instructor
      • Don Jones
      • Contributing Editor, technetmagazine.com
      • IT author, consultant, and speaker
      • Co-founder of Concentrated Technology
      • Seven-time recipient of Microsoft's Most Valuable Professional (MVP) Award
      • Author and Editor-in-Chief for Realtime Publishers
      • Trainer for www.CBTNuggets.com
    • 4. PowerShell Remoting
      • Connects two copies of Windows PowerShell over the network
      • The "client copy" (where you sit) sends commands to one or more "server copies" (remote machines)
      • Remote machines execute the commands locally, and send back the resulting objects
    • 5. Underlying Technologies
      • Relies on PSSessions, an object that represents an authenticated connection between two computers
      • Persist the connection in a variable
      • Persist multiple connections in an array
      • "Persist" does not mean "constantly send traffic;" it re-connects on-demand and invisibly
    • 6. Transport Mechanism
      • Communications are handled by Windows Remote Management (WinRM), a service that implements Web Services for Management (WS-MAN)
      • WinRM 2.0 uses HTTP and HTTPS as the underlying transport, on port 5985 (by default)
    • 7. WinRM Security
      • WinRM must be allowed to listen for requests
      • Incoming requests are tagged with an application; this lets WinRM route requests to the correct app – like PowerShell
      • Apps must be allowed to register as listeners with WinRM
      • Local firewalls must obviously allow the traffic
    • 8. More WinRM Security
      • By default, WinRM uses Kerberos
        • Doesn't transmit passwords at all
        • Ensures mutual authentication of client and server
        • Allows your credential to be delegated to the remote server
        • Allows the use of alternate credentials
      • WinRM can use HTTPS, which encrypts all traffic sent to and from WinRM
    • 9. PowerShell Remoting
      • "Remote Shell" registers PowerShell as a WinRM listener
      • PowerShell automatically applies encryption to the traffic it submits to WinRM
      • PowerShell acts both as a client (where you sit) and a server (on the remote machine)
      • Normally only Administrators can remotely invoke the shell
    • 10. General Requirements
      • Windows PowerShell v2
      • .NET Framework v2
      • WinRM Service v2
        • Win2008R2 and Win7 initial appearance
        • Integrated in PowerShell v2 install for older OSs
    • 11. Configuring in a Domain
      • You will typically configure WinRM and Remote Shell in a domain environment
      • GPO settings exist to do this – and the domain provides a common authentication mechanism (via Kerberos)
      • Super-simple, super-easy – no need for manual configuration on a per-machine basis
    • 12. Configuring Per-Machine
      • Run Set-WsManQuickConfig
        • Starts the service, enables a firewall exception, and allows WinRM listening
    • 13. Non-Domain Environment
      • Trickier!
      • Some terms:
        • Client: The machine you're sitting in front of
        • Server: The remote machine you want to manage
      • You'll need to run several steps to make this work
    • 14. Workgroup WinRM Steps
      • Server: Enable-PSRemoting -force
      • Won't work if network card is set to "Public" (vs. "Office" or "Home" or whatever)
      • Administrator account must have a password
    • 15. Workgroup WinRM Steps
      • Client: Enable-PSRemoting
      • WinXP only: Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Control\Lsa -Name ForceGuest -Value 0 (zero)
      • Set-Item WSMan:\localhost\Client\TrustedHosts -Value server -Force -concat
    • 16. Workgroup WinRM
      • Caution: You are sending a credential from your client to server without verifying the server's identity; only do this in a trusted environment
      • For more info, see http://blogs.msdn.com/wmi/archive/2009/07/24/powershell-remoting-between-two-workgroup-machines.aspx
    • 17. WinRM Service Settings (Group Policy settings, with slide callouts)
      • Enable
      • Enable if you have pre-WinRM 2.0 listeners
      • Remember, this configures WinRM 2.0!
    • 18. Remote Shell Settings (Group Policy settings, with slide callouts)
      • Enable (Default if setting is not configured)
      • Good idea
      • Only useful if Windows PowerShell v2 is installed and if WinRM is enabled for listening
    • 19. Troubleshooting
      • Ensure PowerShell is being run as Administrator
        • Caution: With UAC enabled, explicitly run as Administrator!
      • No config needed to send remote commands; config needed to receive them
        • Set-WSManQuickConfig or
        • Enable-PSRemoting
    • 20. Troubleshooting
      • Ensure WinRM service starts automatically
        • Default on server OS
        • Disabled by default on client OS
        • Use Set-Service cmdlet with -computerName to remotely change startup mode on multiple computers
    • 21. Other Issues
      • See help about_remote_troubleshooting:
        • Administrators in other domains
        • Remoting for non-administrators
        • Using an IP address vs. a computer name
        • Connecting from a workgroup-based computer
        • Adding computers to the "trusted hosts" list
        • Alternate ports for remoting
        • Proxy servers with remoting
        • Etc
    • 22. PSSessions
      • Use New-PSSession to create a new remoting session
      • Pass an array of computer names to -computerName to create multiple new sessions
      • Save the session(s) in a variable for later re-use
    • 23. New-PSSession
      • Numerous parameters allow customization
        • Authentication mechanism
        • Alternate credential
        • Etc
      • Read Help New-PSSession for all the details
    • 24. Session Management
      • Remove-PSSession: Close connection and delete session object
        • No need to do this when you're completely finished – just close the shell
        • Sessions do consume memory on both ends – so don't leave them sitting idle for no reason
      • Get-PSSession: Get all of your currently-defined PSSessions
        • No way to access others' sessions, even on the same machine
    • 25. Session Tips
      • Setting -throttleLimit on New-PSSession limits the number of sessions active at once – helps conserve resources
      • Use New-PSSessionOption to create a new "option object" that sets various advanced options; pass the resulting object to -sessionOption to apply those options when creating new sessions
    • 26. Using Sessions
      • Two ways:
        • 1:1, or interactive
        • 1:many, or batch
      • Both techniques require that you establish the session first
      • Trick: If you have multiple sessions in a $sessions variable…
        • $sessions[0] is the first
        • $sessions[1] is the second (and so on)
    • 27. 1:1 Remoting
      • Use Enter-PSSession and provide a session object
      • Prompt changes to show which computer's shell you're now using
      • Exit-PSSession exits and returns you to your local shell
    • 28. 1:1 Remoting On-Demand
      • Enter-PSSession also provides parameters to create a new session on-demand
      • Useful for creating one-off, ad-hoc remote sessions
      • Session is automatically deleted when you run Exit-PSSession
    • 29. 1:many Remoting
      • Use Invoke-Command to specify a command
      • Either specify computer names…
      • … or pass it an array of PSSession objects
    • 30. Why Sessions?
      • You're always using a session with Enter-PSSession or Invoke-Command
      • If you use -computerName, the session is created ad-hoc and deleted immediately
      • If you use -session, you can pass session objects that have already been created
      • Pre-create the sessions if you will use them more than once in a sitting – saves typing credentials and stuff over and over
    • 31. Invoke-Command Results
      • PowerShell tacks on a "PSComputerName" property which contains the computer that the result came from
      • Makes it easy to separate and distinguish the results
      • Output is serialized into XML on the remote computer, and then de-serialized back into objects in your copy of PowerShell (why? XML transmits across the network easily)
    • 32. Multiple Computers
      • Invoke-Command automatically throttles how many computers it sends commands to in parallel
      • -ThrottleLimit lets you modify the default throttle
      • Helps improve performance; means you may have to wait a bit when doing a large number of computers
    • 33. Invoke-Command Tricks
      • -command is an alternate name for -scriptblock, which is the real parameter name
      • -scriptblock takes a {script block}
      • -filePath uses a local script file (.PS1)
      • -hideComputerName – hides computer name in output (it's still accessible as a property of the output objects)
      • Read help for more!!
    • 34. More!
      • You can also have Invoke-Command run as a background job (-asJob parameter); look up Help *-Job for details on working with jobs
      • Quick example…
    • 35. Thank You!
      • Please feel free to pick up a card if you'd like copies of my session materials
      • I'll be happy to take any last questions while I pack up
      • Please complete and submit an evaluation form for this and every session you attend!
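The workgroup steps on slides 14 to 16 come down to one client-side setting, TrustedHosts, which decides which servers the client will send a credential to without verifying their identity. The following is an added example, not part of the original deck: it reviews the current list for wildcard entries before appending a single named server. The name server01 is hypothetical.

```powershell
# Added example (not from the deck). 'server01' is a hypothetical server name.
# Run in an elevated shell on the client.
$path = 'WSMan:\localhost\Client\TrustedHosts'

function Get-TrustedHostsEntry {
    # Split the comma-separated TrustedHosts value into individual entries.
    $value = (Get-Item -Path $path).Value
    if ([string]::IsNullOrEmpty($value)) { return }
    $value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Test-TrustedHostsEntry {
    # Label each entry by how much it trusts: one named host, or many.
    param([string[]]$Entry)
    foreach ($e in $Entry) {
        if ($e -eq '*') { $scope = 'ANY host (credential may be sent to any machine)' }
        elseif ($e.Contains('*')) { $scope = 'Wildcard pattern (many hosts)' }
        else { $scope = 'Single named host' }
        New-Object PSObject -Property @{ Entry = $e; Scope = $scope }
    }
}

# Review what the client already trusts before changing anything.
$before = @(Get-TrustedHostsEntry)
Test-TrustedHostsEntry -Entry $before | Format-Table Entry, Scope -AutoSize

# Append one named server; -Concatenate keeps the existing entries
# instead of overwriting the list.
if ($before -notcontains 'server01') {
    Set-Item -Path $path -Value 'server01' -Concatenate -Force
}

# Confirm the listener answers with an explicit credential before
# opening a remoting session to it.
$cred = Get-Credential
Test-WSMan -ComputerName 'server01' -Credential $cred -Authentication Negotiate
```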

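Slides 20 and 22 to 34 describe creating sessions once, running a command 1:many, telling results apart by PSComputerName, and running the same call as a background job. The following is an added example, not the presenter's demo, that puts those pieces together to check the WinRM service startup mode on several machines. The computer names are hypothetical.

```powershell
# Added example (not from the deck). Computer names are hypothetical.
$computers = 'server01', 'server02', 'server03'

# Create the sessions once and keep them in a variable for re-use.
# Machines that cannot be reached are collected in $connectErrors.
$sessions = @(New-PSSession -ComputerName $computers `
    -ErrorAction SilentlyContinue -ErrorVariable connectErrors)
$connectErrors | ForEach-Object { Write-Warning $_.Exception.Message }

try {
    if ($sessions.Count -gt 0) {
        # 1:many: the script block runs locally on every remote machine.
        # -ThrottleLimit caps how many machines are contacted in parallel.
        $results = Invoke-Command -Session $sessions -ThrottleLimit 16 -ScriptBlock {
            Get-WmiObject -Class Win32_Service -Filter "Name='WinRM'" |
                Select-Object Name, State, StartMode
        }

        # Each returned object carries PSComputerName, so results from
        # different machines can be sorted and filtered after the fact.
        $results | Sort-Object PSComputerName |
            Format-Table PSComputerName, Name, State, StartMode -AutoSize

        # Machines where the service will not come back after a reboot.
        $results | Where-Object { $_.StartMode -ne 'Auto' } |
            ForEach-Object { Write-Warning "$($_.PSComputerName): WinRM start mode is $($_.StartMode)" }

        # The same sessions can run a longer command as a background job.
        $job = Invoke-Command -Session $sessions -AsJob -ScriptBlock {
            Get-Process | Sort-Object WS -Descending |
                Select-Object -First 5 Name, WS
        }
        Wait-Job -Job $job | Out-Null
        Receive-Job -Job $job | Format-Table PSComputerName, Name, WS -AutoSize
        Remove-Job -Job $job
    }
}
finally {
    # Sessions hold memory on both ends; close them when finished.
    if ($sessions.Count -gt 0) { Remove-PSSession -Session $sessions }
}
```

The objects that come back are de-serialized copies, so their properties can be read but they are not live objects on the remote machine.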