Automating the world one-liner at a time…
PowerShell V2 introduces a new capability which allows you to remotely manage machines in your organization. I will give a basic overview of PowerShell remoting here and follow it up with some adavanced topics later. Are you ready for the fun..
A remote interaction involves 2 endpoints – Client and a Server. The same computer or system can act both as a client and as a server.
Configuration
To enable an endpoint for PowerShell remoting you need to do the following:
Step 1: Install PowerShell CTP2 of PowerShell V2
Step2: Install CTP of WinRM
Step 3: Configure WinRM for PowerShell remoting. This can be done from a PowerShell Console using the following steps
(a) Open PowerShell console in elevated prompt
(b) Run $pshome\configure-wsman.ps1 script.
The above script will prepare your machine for remoting. This script will enable an endpoint both to act as a client and as well as a server.
PowerShell depends on WinRM for transport of data between endpoints. WinRM implements WS-Management a SOAP-based protocol for the management of servers etc. The good thing about this protocol is it is based on HTTP. So all the packets are going on Port 80 (by default) and you don’t need to open any other port for PowerShell remoting.
Using the Power
The beauty of PowerShell remoting is that all the cmdlets/scripts you have from V1 work as is everywhere (as long as PowerShell is installed on the server). So you develop your cmdlet/scripts once and you can remotely execute them with PowerShell as is without making any changes. The only dependency being the cmdlet/script you want to execute should be accessible on the remote box.
Let me show you some examples:
PS C:\> #my current machine
PS C:\> $env:computername
KRISCV-JHOOM
PS C:\> icm kriscv-lh { $env:computername }
KRISCV-LH
PS C:\>
The above example gives a glimpse of powershell remoting. Here I ran “$env:computername” locally and then on a remote machine from my local machine. I showed a new command “icm” here. “icm” is an alias for invoke-command cmdlet. This cmdlet takes the following pattern:
Invoke-command <ExecutionContext> { <script block to run in the context>}
In my above “kriscv-lh” is the execution context. In this case it is a destination computer name. So, essentially I have asked invoke-command to run the script “{$env:computername}” on the remote machine. This is the cmdlet you should use for remoting in CTP2 of Powershell V2. This cmdlet internally creates a connection with the machine “kriscv-lh”, runs the command on the machine, gets the output from the remote machine to the local machine, displays the output and then closes the connection.
You can pretty much do anything on the remote machine as you would on the local machine. Administrator of the remote machine however has the complete control of restricting you.
The following example shows you a way of finding free disk space on the remote machine:
PS C:\> icm kriscv-lh {gwmi win32_logicaldisk | select deviceid,freespace}
deviceid freespace ComputerName RunspaceId
-------- --------- ------------ ----------
A: kriscv-lh 8ce689c2-87a2-4e38-83...
C: 44054937600 kriscv-lh 8ce689c2-87a2-4e38-83...
D: kriscv-lh 8ce689c2-87a2-4e38-83...
Estentially whatever you have learned with V1 of PowerShell can be used with PowerShell remoting. Lets convert the above example to show the freespace in GB instead of bytes:
PS C:\> icm kriscv-lh {gwmi win32_logicaldisk | select deviceid,freespace} | select deviceid,@{Name=
"freespace(GB)";Expression={$_.freespace/1gb}},computername
deviceid freespace(GB) ComputerName
-------- ------------- ------------
A: 0 kriscv-lh
C: 41.0060882568359 kriscv-lh
D: 0 kriscv-lh
Notice what I have done here. The command in bold above is run on the remote machine kriscv-lh and the rest of the pipeline is run on the local box ie.,”select-object” cmdlet is run on the local machine. PowerShell remoting ensures objects are written onto the pipeline and hence you can leverage the complete power of PowerShell by working directly with an object.
You can apply the same concept to multiple machines. The following examples gets the free disk space from multiple machines:
PS C:\> icm kriscv-lh,kriscv-jhoom {gwmi win32_logicaldisk | select deviceid,freespace} | select dev
iceid,@{Name="freespace(GB)";Expression={$_.freespace/1gb}},computername
C: 182.064617156982 kriscv-jhoom
D: 136.152328491211 kriscv-jhoom
E: 7.60776519775391 kriscv-jhoom
F: 1.76084136962891 kriscv-jhoom
G: 0 kriscv-jhoom
C: 41.0063934326172 kriscv-lh
Notice I am running the command on 2 machines and running select-object cmdlet on the local box to filter the data.
There are so many things I want to talk about this CTP which I will do in the coming weeks. For the time being install the CTP, try out our new features and most importantly, if possible, give us your feedback.
Have a great weekend!!
Thanks
Krishna Vutukuri[MSFT]
Windows PowerShell Development
This posting is provided “AS IS” with no warranties.
Is there WinRM CTP for windows 2003 or XP?
> Is there WinRM CTP for windows 2003 or XP?
Sadly no, not at this time.
Yes - we know exactly how painful this is. We just couldn't make the schedules line up.
Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at: http://blogs.msdn.com/PowerShell
Visit the Windows PowerShell ScriptCenter at: http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx
BTW - you can easily clean up the output by simply casting the expression to an [INT] (notice that I put the expression inside () so that we cast the RESULTS of the expression and not the FIRST ELEMENT.
Change:
icm kriscv-lh {gwmi win32_logicaldisk | select deviceid,freespace} | select deviceid,@{Name="freespace(GB)";Expression={$_.freespace/1gb}},computername
TO
icm kriscv-lh {gwmi win32_logicaldisk | select deviceid,freespace} | select deviceid,@{Name="freespace(GB)";Expression={[INT]$($_.freespace/1gb)}},computername
And things clean up very nicely.
10,000 thanks to Krishna for going out of his way to do this write up. Take a look at the published time!
Oooooh! Your security team is going to have run keeping the hackers at bay on this one! ;-)
But seriously (as I'm really not a security wonk), why can't you make it so that I could run a script on the remote machine that exists only on my local machine? Forcing the remote machine to have the script is a rather large burden, no? Need I detail why?
> But seriously (as I'm really not a security wonk), why can't you make it so that I could run a script on the remote machine that exists only on my local machine?
Ask and ye shall receive. :-)
It does! First let's start with the basics. We'll ship "secure by default". That means that you will have to make a decision to allow remote computers to manage a machine. Next, when you configure remoting, you'll have a number of configuration options which give you fine control over what the remote machines can do. In particular, there are 3 language MODES: FULL, DATA, NONE.
FULL is obvious - there are no language restrictions.
DATA limits the language to those elements that do not allow side-effects on the system.
NONE means you can enter commands but no language elements.
For each of these, you'll be able to configure what CMDLETS, SCRIPTS, Native applications, providers, and variables that are available to the remote machine.
jps
Ok, so maybe I'm doing something wrong, but the winrm configuration isn't working:
PS C:\Windows\System32> . $pshome\configure-wsman.ps1
VERBOSE: Configuring WinRM
WSManFault
Message = Access is denied.
Error number: -2147024891 0x80070005
Access is denied.
CheckError : Error restoring default WSMan configuration. Exiting
At C:\Windows\system32\WindowsPowerShell\v1.0\\wsmanutils.ps1:97 char:19
+ CheckError <<<< $ErrorMessages["Restore"]
... and more of the same. this is with an elevated version of powershell...
> Message = Access is denied.
1) Are you running with elevated Privs?
2) Do you have Admin Rights?
Can you check if WinRM is running?
PS F:\> get-service winrm
Status Name DisplayName
------ ---- -----------
Stopped WinRM Windows Remote Management (WS-Manag...
PS F:\> start-service winrm PS F:\> get-service winrm Status Name DisplayName ------ ---- ----------- Running WinRM Windows Remote Management (WS-Manag...
I noted the comment above about 2003 and XP. Are you committed to providing remoting on 2003 and XP in the final version? We're really keen to see this.
> Are you committed to providing remoting on 2003 and XP in the final version?
Never trust anything that looks like a commitment made in a blog. Seriously. If you ever see anything that looks like a commitment in this blog - it has to be understood as a PERSONAL commitment not a corporate commitment.
For example, I could say that I'm personally committed to making this go downlevel but that is VERY differen than saying that the company is committed to doing so.
Here is what I said in the blog entry:
http://blogs.msdn.com/powershell/archive/2008/04/24/how-could-you-top-ctp1.aspx
One big caveat to share with you around remoting. The good news is that we've made a lot of progress on remoting and it is shaping up nicely. The bad news is that (FOR THIS CTP) remoting is only going to work FROM and TO Vista and WS08 boxes (CRINGE!). I know that is a big hit and it means that many of you will not be able to test out remoting for us. Apologizes. There are a zillion details behind this so without going into them, all I can say is 1) we know exactly how BIG of a deal this is 2) we worked like heck to try and make it happen 3) the facts we were faced did not allow it to happen.
Just to be clear, this applies to the upcoming CTP and we are working very hard to make it available on downlevel machines in subsequent public releases.
Hello,
When I run Receive-PSJob -job $job I got error like below. How do I do for fix this problem please advice? I use WinXP + SP2.
PS C:\> $job = Start-PSJob -command "Get-Process"
PS C:\> Receive-PSJob -job $job
Receive-PSJob : [localhost] The WS-Management service does not support the requ
est.
At line:1 char:14
+ Receive-PSJob <<<< -job $job
PS C:\> Get-Service winrm
Running WinRM Windows Remote Management (WS-Manag...
PS C:\> $job
SessionId Name State HasMoreData Command
--------- ---- ----- ----------- -------
1 Failed False Get-Process
You need to install the CTP of WSMan 2.0, but they are currently supported on Vista-SP1 and WS08 only.
What is the current status of remoting on WinXP and WinServer 2003? I'd love to use PS for a proof on concept. Thanks.
Can you share some information on Powershell Remoting and Exchange 2007 administration?
I've been trying to use the Remoting capabilities within a C# application but it seems my assembly System.Management.Automation.dll doesn't contain
"System.Management.Automation.Remoting"
Any ideas?
Thanks in advance!
Adam