powershell guruWindows servers, remote management and scripting: What ties all of these things together? Powershell. You can use PowerShell to manage a local machine and a remote machine as well. Using WinRM (Windows Remote Management), you can configure all of your servers and workstations to accept remote PowerShell connections from authorized users so that they can be managed at the command-line remotely, either manually, or through a script. It greatly extends the usefulness of PowerShell, and enables you to move away from WMI scripts to manage systems.

By default, remote management won’t be enabled on your servers. You can either enable it manually, or centrally. We will go over both methods here.

Enabling remote management

If you want to enable remote management of a single server:

  1. Open an administrative PowerShell prompt
  2. Run the following command
    Enable-PSRemoting –Force [enter]

This will go through and start the WinRM service, set its startup type to Automatic, create a listener on all NICs/ip.addrs for remote management connections, and configure the Windows Firewall to accept those connections. It’s the “Easy Button” for remote management.

Using a Group Policy Object to make that easier

That’s easy enough for a single server, but you probably don’t want to go log on to each and every server in the domain to do that. Fortunately, you don’t have to. You can use a Group Policy Object (GPO) to do the same thing:

  1. Launch the Group Policy Management console.
  2. Create a new GPO (or edit an existing GPO if you want to add these settings to something you already have in place. Just don’t edit the Default Domain Policy for this).
  3. Browse the tree for the GPO to Computer Configuration, Policies, Administrative Templates, Windows Components, Windows Remote Management (WinRM,) WinRM Service.
  4. At a minimum, set the following:
    -Allow remote server management through WinRM to Enabled.
  5. The above will use the default settings, which includes only Kerberos and Negotiate authentication, and a listener on TCP 5985. You may want to also configure:
    -Allow Basic authentication to Enabled (for Basic over SSL authentication)
    -Turn On Compatibility HTTP Listener to Enabled

-Turn On Compatibility HTTPS Listener to Enabled.

Connecting to a remote system

To connect to another system on your domain, follow the steps below. These assume both your workstation and the server are domain joined, and your account has admin rights on the server. If you need to provide different credentials, include the optional part in brackets to be prompted for your password.

  1. Open an administrative PowerShell prompt on your PC
  2. Enter the following command
    Enter-PSSession –ComputerName host [-Credential username]

That’s it.

You can even use PowerShell to manage your Linux boxes! There is a PowerShell module for managing Linux. Well, what it really is is a module that lets you make SSH connections to any SSH listener from within a PowerShell session, but if you are writing a script that needs to hit both Windows and Linux boxes in the same script, being able to use this module to embed an SSH session to a Linux host and execute commands is really cool! Check it out.

Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.