Saturday, February 13, 2016

HOW TO MANAGE PC OR SERVERS REMOTELY WITH POWERSHELL


Powershell is a great tool for system administrators. So today i will describe how can usepowershell to connect remotely in one or multiple pc's without being leverage againgst multiple systems. Imagine that you need to conenct in 20 pc's at least and do a small change , monitoring processes or restart a specific service. With powershell you can do it without need to connect in every system.
Before write this article i read lot of articles to explain how can connect remotely in a pc with powersell but only few articles explain and what need from the client side to achieve the remote connection.
So i hope to be more specific and give the right guide to enable remote connection in a pc with powershell.
Let's start

CHECK IF WSMAN IS ENABLE IN THE REMOTE PC

If you would like to connect remotely in PC with powershell you must verify that WsMan is enable in the PC that you want to connect remotely. Type the following command to know if WsMan is enable or not
Test-WsMan -computername ipaddress or hostname

ENABLE WSMAN IN THE REMOTE PC

To connect remotely in a PC with powershell you need to apply the following tasks. 
  • Starts the WinRM service.
  • Sets the startup type on the WinRM service to Automatic.
  • Creates a listener to accept requests on any IP address, if one does not already exist.
  • Enables a firewall exception for WS-Management communications.
  • Registers the Microsoft.PowerShell and Microsoft.PowerShell.Workflow session configurations, if it they are not already registered.
  • Registers the Microsoft.PowerShell32 session configuration on 64-bit computers, if it is not already registered.
  • Enables all session configurations.
  • Changes the security descriptor of all session configurations to allow remote access.
  • Restarts the WinRM service to make the preceding changes effective.
All the above tasks can apply if you run the following command from Powershell
Winrm  quickconfig

You have 3 options to enable WinRm in the Remote PC.

 YOU CAN DO IT DIRECT IN THE PC THAT YOU WANT TO CONECT REMOTELY.

  • Open Powershell 
  • Type the following command
    Winrm  quickconfig

CREATE GROUP POLICY TO ENABLE WINRM IN THE PC'S THAT YOU WANT

In the Group Policy that will create we need to configure 3 settings. 
First you must enable Remote Management through WinRM
  • Login in your Domain Controller and open Group Policy Management.
  • Create New Group Policy with the name that you like
  • Right click in Group Policy and select Edit
  • Go in Computer Configuration> Policies > Windows Components > Windows Remote Management (WinRM) > WinRM Service and select from the right side Allow server remote management through WinRM
  • Click Enable and add * in the IPv4 filter to allow service  listens on all available IP addresses on the computer. Click OK.

Now you must configure to Start Automatic the Windows Remote Management Service.
  • Go in Computer Configuration - - > Preferences - - > Control Panel Settings - - -> Services
  • In the right side Right Click and select New - - > Service
  • In Startup change from No change to Automatic
  • In Service Name click in dots and select the Windows Remote Management Service
  • In Service Action Click Start Service

Last we must open the Port of Windows Remote Management Service in Firewall
  • Go in Computer Configuration - - -> Windows Settings - - -> Security Settings - - -> Windows Firewall with Advance Security - - -> Inbound Rules
  • Right click in Inbound Rules and select New - - -> Rule
  • Select Predefined and find the Windows Remote Management. Click Next
  • Uncheck the first option which related with the Public Profile and click Next.
  • Select the Allow the Connection and click Finish
  • Now you will see the new Rule in the right side. Double click to open.
  • Select the Tab Advance and uncheck the Private. Click OK.
Close the Edit of the Group Policy and Apply the policy in the PC or Organization Unit if the PC'S are more than one. 

USE INVOKE-COMMAND TO RUN SCRIPTS IN THE REMOTE PC

After enable WinRm you can connect remotely in PC and run scripts with Invoke-Commands. I will show only 2 examples. If you would like to use Invole-Command more advance visit the page https://technet.microsoft.com/en-us/library/hh849719.aspx
Show the process of single or multiple PC's 
Invoke-Command -Computername bckserver,win2008r2test -ScriptBlock { Get-Process }
Show the last 10 Logs from Event Viewer of single or multiple PC'S
Invoke-Command -Computername bckserver,win2008r2test -ScriptBlock {Get-EventLog system -Newest 10}

DISABLE PS-REMOTING IN THE REMOTE PC

If you would like to Disable PSRemoting you have 2 options.
First Option is to run the following command from Powershell
Disable-PSRemoting
and edit the GPO that you have created before to Enabel powershell remoting and change the 3 settings with the oposite. What i mean?
First you must disable Remote Management through WinRM
  • Login in your Domain Controller and open Group Policy Management.
  • Right click in Group Policy that created and select Edit
  • Go in Computer Configuration> Policies > Windows Components > Windows Remote Management (WinRM) > WinRM Service and select from the right side Allow server remote management through WinRM
  • Click Not Configure
Now you must configure to Stop  Windows Remote Management Service.
  • Go in Computer Configuration - - > Preferences - - > Control Panel Settings - - -> Services
  • In the right side Right Click in the service that you have create and select Properties
  • In Startup change from Automatic  to Disable
  • In Service Action Click Stop Service
Disable the Port of Windows Remote Management Service in Firewall
  • Go in Computer Configuration - - -> Windows Settings - - -> Security Settings - - -> Windows Firewall with Advance Security - - -> Inbound Rules
  • Right click in Inbound Rule that you have create and select Properties
  • In the General Tab uncheck the Enable and click OK.
Wait until deploy the Policy in your PC'S or go in very PC and run from command
gpupdate /force.

THE SECOND OPTION IS TO RUN THE FOLLOWING COMMAND FROM POWERSHELL

Disable-PSRemoting
and if you have enable the PSRemoting in a single PC without Group Policy to disable the following manual
  • Open Powershell
  • Type the following commands to stop the WinRM Service and Disable
    Stop-Service winrm
    Set-Service -Name winrm -StartupType Disabled
  • Type the following command to show the listener and deleted
    winrm enumerate winrm/config/listener
     

           
winrm delete winrm/config/listener?address=*+transport=HTTP
  • Delete the Rule that created in Firewall for WS-Management communication.
  • Set value of LocalAccountTokenFilterPolicy to by running the command 
    Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFi


I try to give a full image how can enable PSRemoting connect in Remote PC or Disable it.
I hope to find usefull my article and use it now or in the feature if requested remote connection in multiple PC'S.


Courtesy Link : http://askme4tech.com/how-manage-pc-or-servers-remotely-powershell
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)