PowerShell V2 introduces a new capability which allows you to remotely manage machines in your organization. You may have already tried this new feature. In this blog, I will show how an administrator can manage different remote sessions (created by different users from different clients).

Scenario: Using PowerShell remoting, normal users can perform non-admin tasks on a machine remotely. There might be situations where an Administrator of the machine may want to terminate specific sessions created by specific users.

This Administrator task can be achieved by just restarting the WinRM service. However, this is not a good solution, as it would close all the remote sessions, including the Administrator’s sessions (if any). To remove specific sessions, WSMan/WinRM provides the cmdlets Get-WSManInstance and Remove-WSManInstance. I will show you how this works.

# Create a remote session as a normal user

PS C:\> $env:computername
KRISCV-LH
PS C:\> $s = nsn kriscv-jhoom -cred kriscv-jhoom\testuser -Authentication negotiate
PS C:\> $s

 Id Name            ComputerName    State    ConfigurationName     Availability
 -- ----            ------------    -----    -----------------     ------------
  6 Session6        kriscv-jhoom    Opened   Microsoft.PowerShell     Available

PS C:\>

From machine KRISCV-LH, I connected to KRISCV-JHOOM as testuser. This testuser is not an admin on Kriscv-Jhoom. Let’s say this testuser is consuming a lot of CPU on Kriscv-Jhoom and not letting others do their work. In this scenario, the Administrator of Kriscv-Jhoom can delete the remote sessions created by testuser using the Get-WSManInstance and Remove-WSManInstance cmdlets. These cmdlets are remote-enabled, meaning that they can be run either locally on Kriscv-Jhoom or from a remote machine (you should provide Administrator credentials). Let’s see how this works:

PS C:\> $env:computername
KRISCV-Win7
PS C:\> Get-WSManInstance -ConnectionURI http://kriscv-jhoom.wingroup.windeploy.ntdev.microsoft.com:5985/wsman shell -enumerate -cred wingroup\kriscv

rsp             : http://schemas.microsoft.com/wbem/wsman/1/windows/shell
lang            : en-US
ShellId         : 884D2DB4-C454-4F1C-9AF6-A7DA3D5D8BD7
ResourceUri     : http://schemas.microsoft.com/powershell/Microsoft.PowerShell
Owner           : kriscv-jhoom\testuser
ClientIP        : 2001:4898:2b:2:4878:5933:c82c:2cbd
IdleTimeOut     : PT180.000S
InputStreams    : stdin pr
OutputStreams   : stdout
ShellRunTime    : P0DT0H17M33S
ShellInactivity : P0DT0H0M33S

Notice how I am using Get-WSManInstance. In the ConnectionURI parameter, I am using port number 5985 because the WinRM/WSMan service on Kriscv-Jhoom is listening on this port. That brings us to the port change: starting from Win7 RC, WinRM by default listens on port 5985, not port 80, for HTTP traffic. The /wsman portion of the URI indicates that we are retrieving the remote sessions serviced by the WSMan (WinRM) service.

Notice the output: for each remotely created session you get information such as the user who created the session (Owner), the client machine from which the session was established (ClientIP), the ID (ShellId), and the run time describing how many days, hours, minutes and seconds the session has been active (ShellRunTime).

To remove the session, use the Remove-WSManInstance cmdlet, supplying the ID like this:

PS C:\> remove-WSManInstance -ConnectionURI http://kriscv-jhoom.wingroup.windeploy.ntdev.microsoft.com:5985/wsman shell @{ShellID="884D2DB4-C454-4F1C-9AF6-A7DA3D5D8BD7"} -cred wingroup\kriscv

This will remove the session created by testuser!!

Now let’s see how this is reflected in the $s (session) variable created by testuser on Kriscv-LH:

PS C:\> $env:computername
KRISCV-LH
PS C:\> $s

 Id Name            ComputerName    State    ConfigurationName     Availability
 -- ----            ------------    -----    -----------------     ------------
  6 Session6        kriscv-jhoom    Broken   Microsoft.PowerShell          None

The session is Broken!! So testuser has to create a new session to continue his work. An Administrator can choose to totally block testuser from creating any session remotely by using the Set-PSSessionConfiguration cmdlet. The -ShowSecurityDescriptorUI parameter will show a nice UI to make these decisions easily.
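
The enumerate-and-remove steps shown earlier can be wrapped in one function that removes only the shells belonging to a given owner and leaves every other session (including the Administrator’s) running. This is an added example, not code from the original post; the function name Stop-UserWSManShell and its parameters are hypothetical, and it assumes the HTTP listener on port 5985 used above.

```powershell
# Added example: Stop-UserWSManShell and its parameter names are hypothetical.
function Stop-UserWSManShell {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [Parameter(Mandatory = $true)] [string] $Owner,   # e.g. 'kriscv-jhoom\testuser'
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential] $Credential,
        [TimeSpan] $MinRunTime = [TimeSpan]::Zero,        # only shells running at least this long
        [int] $Port = 5985                                # assumption: default HTTP listener
    )

    $uri = "http://${ComputerName}:$Port/wsman"

    # Enumerate every shell currently hosted by the WinRM service on the target.
    $shells = @(Get-WSManInstance -ConnectionURI $uri -ResourceURI shell `
                    -Enumerate -Credential $Credential)

    foreach ($shell in $shells) {
        # ShellRunTime is an xsd:duration string such as P0DT0H17M33S.
        $runTime = [System.Xml.XmlConvert]::ToTimeSpan($shell.ShellRunTime)

        # Skip shells owned by anyone else, and shells younger than the threshold.
        if ($shell.Owner -ne $Owner -or $runTime -lt $MinRunTime) { continue }

        $action = "Remove shell $($shell.ShellId) owned by $($shell.Owner) " +
                  "from $($shell.ClientIP), running for $runTime"

        # -WhatIf previews the removal; otherwise the caller is asked to confirm.
        if ($PSCmdlet.ShouldProcess($ComputerName, $action)) {
            Remove-WSManInstance -ConnectionURI $uri -ResourceURI shell `
                -SelectorSet @{ ShellID = $shell.ShellId } -Credential $Credential

            # Emit what was removed so the caller can log it.
            $shell | Select-Object ShellId, Owner, ClientIP, ShellRunTime
        }
    }
}

# Preview first, then run again without -WhatIf to remove:
# $cred = Get-Credential wingroup\kriscv
# Stop-UserWSManShell -ComputerName kriscv-jhoom -Owner 'kriscv-jhoom\testuser' `
#     -Credential $cred -MinRunTime '00:10:00' -WhatIf
```

Because the function matches on the Owner field returned by the enumeration, run it with -WhatIf first and check the ShellId and ClientIP values it reports before removing anything.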

 

Thanks

Krishna

Windows PowerShell Development

This posting is provided “AS IS” with no warranties.