Automating the world one-liner at a time…
As you probably know by now, all of PowerShell remoting is done via streaming extensions to WSMAN. WSMAN is the SOAP-based DMTF standard protocol for managing everything. As you explore the limits of what you can do with WSMAN or PowerShell remoting, you may encounter errors like this:
[7592:0]PS> New-PSSession [localhost] Connecting to remote server failed with the following error me ssage : The WS-Management service cannot process the request. This user is allowed a maximum number of 5 concurrent shells, which has been exceeded. Close existing shells or raise the quota for this user. For more informat ion, see the about_Remote_Troubleshooting Help topic. + CategoryInfo : OpenError: (System.Manageme....RemoteRunspa ce:RemoteRunspace) , PSRemotingTransportException + FullyQualifiedErrorId : PSSessionOpenFailed
What is going on here is that we put in a number of default constraints into the system to protect your systems from accidental misuse. We didn’t want a beginner PowerShell user writing a script which accidentally consumed all the resources on your servers. We can’t protect against everything but we spent some time thinking about the common mishaps and put some default guardrails in.
I like the story (it might even be true :-) ) about software controls on some of the fighter jets. The SW developers knew what the design limits of the planes where so they wrote the control software so that it wouldn’t exceed the capabilities of the plane. The pilot’s reaction was, “we’d only be pushing the plane to that degree when the other alternative was getting shot down – I’d rather risk having the wings tear off then being guaranteed to get shot down.” So while we put in guardrails, we also put in the ability to move those guardrails. Look, they are your machines. You are smart people. You often know more than we do. We allow you to make decisions which may be great and may hurt yourself. (NOTE: In my opinion we set some of the Maximum’s too low. We may reevaluate some of these in the future on the grounds of general principles but let me know if you have any concrete situations where the maximums are too small.)
If you want to change the controls, all you have to do is to CD into the WSMAN: drive and the LOCALHOST subdirectory and change things. It’s as easy as this:
PS> cd WSMan:\localhost\Shell PS> dir
WARNING: column "Type" does not fit into the display and was removed.
Name Value ---- ----- AllowRemoteShellAccess true IdleTimeout 180000 MaxConcurrentUsers 5 MaxShellRunTime 2147483647 MaxProcessesPerShell 15 MaxMemoryPerShellMB 150 MaxShellsPerUser 5
PS> Set-Item .\MaxShellsPerUser 25
It is worth spending a little bit of time exploring the WSMAN drive and what you can do with it.
To find out more about the drive and what the values mean do the following:
PS> Get-Help WSMAN
PS> Get-Help About_WSMAN
<Update - not all the settings are documented there. The full list is available HERE >
Jeffrey Snover [MSFT] Distinguished Engineer Visit the Windows PowerShell Team blog at: http://blogs.msdn.com/PowerShell Visit the Windows PowerShell ScriptCenter at: http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx
This is great to configure a single server locally. Is there a notion that we can set this remotely so we can leverage to do so on a number of them? Somthing like
Set-item -computer $Server -MaxShellsPerUser 25
Oh, so you just offered an easy DoS, that can even reasonably be denied as an accidental mishappening?
Where is the DoS?
Experiment! Enjoy! Engage!
Jeffrey Snover [MSFT]
Visit the Windows PowerShell Team blog at: http://blogs.msdn.com/PowerShell
Visit the Windows PowerShell ScriptCenter at: http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx
That is what connect-WSMAN is for. When you connect to a server it shows up as a subdirectory (under \) in your WSMAN drive.
You can connect to a bunch of machines and then do:
PS> Set-item wsman:\*\Shell\MaxShellsPerUser 25
and set them all at once.
Check out more blogs about WSMAN and other Windows Management Infrastructure technologies like WMI and BITS
Hi, thanks for the post. If I exit the session properly, active session count = count -1?
It really worked..:)