Welcome to MSDN Blogs Sign in | Join | Help

Remoting with PowerShell QuickStart

PowerShell V2 introduces a new capability which allows you to remotely manage machines in your organization. I will give a basic overview of PowerShell remoting here and follow it up with some adavanced topics later. Are you ready for the fun..

A remote interaction involves 2 endpoints – Client and a Server. The same computer or system can act both as a client and as a server.

Configuration

To enable an endpoint for PowerShell remoting you need to do the following:

Step 1: Install PowerShell CTP2 of PowerShell V2

Step2: Install CTP of WinRM

Step 3: Configure WinRM for PowerShell remoting. This can be done from a PowerShell Console using the following steps

(a)    Open PowerShell console in elevated prompt

(b)   Run $pshome\configure-wsman.ps1 script.

The above script will prepare your machine for remoting. This script will enable an endpoint both to act as a client and as well as a server.

PowerShell depends on WinRM for transport of data between endpoints. WinRM implements WS-Management a SOAP-based protocol for the management of servers etc. The good thing about this protocol is it is based on HTTP. So all the packets are going on Port 80 (by default) and you don’t need to open any other port for PowerShell remoting.

Using the Power

The beauty of PowerShell remoting is that all the cmdlets/scripts you have from V1 work as is everywhere (as long as PowerShell is installed on the server). So you develop your cmdlet/scripts once and you can remotely execute them with PowerShell as is without making any changes. The only dependency being the cmdlet/script you want to execute should be accessible on the remote box.

Let me show you some examples:

PS C:\> #my current machine

PS C:\> $env:computername

KRISCV-JHOOM

PS C:\> icm kriscv-lh { $env:computername }

KRISCV-LH

PS C:\>

The above example gives a glimpse of powershell remoting. Here I ran “$env:computername” locally and then on a remote machine from my local machine. I showed a new command “icm” here. “icm” is an alias for invoke-command cmdlet. This cmdlet takes the following pattern:

 

Invoke-command <ExecutionContext>  { <script block to run in the context>}

 

In my above “kriscv-lh” is the execution context. In this case it is a destination computer name.  So, essentially I have asked invoke-command to run the script “{$env:computername}” on the remote machine. This is the cmdlet you should use for remoting in CTP2 of Powershell V2. This cmdlet internally creates a connection with the machine “kriscv-lh”, runs the command on the machine, gets the output from the remote machine to the local machine, displays the output and then closes the connection.

 

You can pretty much do anything on the remote machine as you would on the local machine. Administrator of the remote machine however has the complete control of restricting you.

 

The following example shows you a way of finding free disk space on the remote machine:

 

PS C:\> $env:computername

KRISCV-JHOOM

PS C:\> icm kriscv-lh {gwmi win32_logicaldisk | select deviceid,freespace}

 

deviceid                 freespace                ComputerName             RunspaceId

--------                          ---------                ------------                           ----------

A:                                                               kriscv-lh                         8ce689c2-87a2-4e38-83...

C:                       44054937600                 kriscv-lh                          8ce689c2-87a2-4e38-83...

D:                                                              kriscv-lh                          8ce689c2-87a2-4e38-83...

 

Estentially whatever you have learned with V1 of PowerShell can be used with PowerShell remoting.  Lets convert the above example to show the freespace in GB instead of bytes:

 

PS C:\> icm kriscv-lh {gwmi win32_logicaldisk | select deviceid,freespace} | select deviceid,@{Name=

"freespace(GB)";Expression={$_.freespace/1gb}},computername

 

deviceid                                             freespace(GB)           ComputerName

--------                                                     -------------                 ------------

A:                                                                               0               kriscv-lh

C:                                                   41.0060882568359              kriscv-lh

D:                                                                               0               kriscv-lh

 

Notice what I have done here. The command in bold above is run on the remote machine kriscv-lh and the rest of the pipeline is run on the local box ie.,”select-object” cmdlet is run on the local machine. PowerShell remoting ensures objects are written onto the pipeline and hence you can leverage the complete power of PowerShell by working directly with an object.

 

You can apply the same concept to multiple machines. The following examples gets the free disk space from multiple machines:

 

PS C:\> icm kriscv-lh,kriscv-jhoom {gwmi win32_logicaldisk | select deviceid,freespace} | select dev

iceid,@{Name="freespace(GB)";Expression={$_.freespace/1gb}},computername

 

deviceid                                             freespace(GB)       ComputerName

--------                                                      -------------                  ------------

C:                                                182.064617156982       kriscv-jhoom

D:                                                136.152328491211      kriscv-jhoom

E:                                                7.60776519775391       kriscv-jhoom

F:                                                1.76084136962891       kriscv-jhoom

G:                                                                           0        kriscv-jhoom

A:                                                                           0        kriscv-lh

C:                                               41.0063934326172       kriscv-lh

D:                                                                           0        kriscv-lh

 

Notice I am running the command on 2 machines and running select-object cmdlet on the local box to filter the data.

 

There are so many things I want to talk about this CTP which I will do in the coming weeks. For the time being install the CTP, try out our new features and most importantly, if possible, give us your feedback.

 

Have a great weekend!!

 

Thanks

Krishna Vutukuri[MSFT]

Windows PowerShell Development

This posting is provided “AS IS” with no warranties.

Published Saturday, May 10, 2008 3:01 AM by PowerShellTeam
Filed under:

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# re: Remoting with PowerShell QuickStart

Is there WinRM CTP for windows 2003 or XP?

Saturday, May 10, 2008 2:28 AM by Soliko

# re: Remoting with PowerShell QuickStart

> Is there WinRM CTP for windows 2003 or XP?

Sadly no, not at this time.  

Yes - we know exactly how painful this is.  We just couldn't make the schedules line up.  

Jeffrey Snover [MSFT]

Windows Management Partner Architect

Visit the Windows PowerShell Team blog at:    http://blogs.msdn.com/PowerShell

Visit the Windows PowerShell ScriptCenter at:  http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx

Saturday, May 10, 2008 9:46 AM by PowerShellTeam

# re: Remoting with PowerShell QuickStart

BTW - you can easily clean up the output by simply casting the expression to an [INT] (notice that I put the expression inside () so that we cast the RESULTS of the expression and not the FIRST ELEMENT.

Change:

icm kriscv-lh {gwmi win32_logicaldisk | select deviceid,freespace} | select deviceid,@{Name="freespace(GB)";Expression={$_.freespace/1gb}},computername

TO

icm kriscv-lh {gwmi win32_logicaldisk | select deviceid,freespace} | select deviceid,@{Name="freespace(GB)";Expression={[INT]$($_.freespace/1gb)}},computername

And things clean up very nicely.

10,000 thanks to Krishna for going out of his way to do this write up.  Take a look at the published time!

Jeffrey Snover [MSFT]

Windows Management Partner Architect

Visit the Windows PowerShell Team blog at:    http://blogs.msdn.com/PowerShell

Visit the Windows PowerShell ScriptCenter at:  http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx

Saturday, May 10, 2008 9:57 AM by PowerShellTeam

# re: Remoting with PowerShell QuickStart

Oooooh! Your security team is going to have run keeping the hackers at bay on this one! ;-)

But seriously (as I'm really not a security wonk), why can't you make it so that I could run a script on the remote machine that exists only on my local machine?  Forcing the remote machine to have the script is a rather large burden, no?  Need I detail why?

Saturday, May 10, 2008 7:19 PM by Mike Schinkel

# re: Remoting with PowerShell QuickStart

> But seriously (as I'm really not a security wonk), why can't you make it so that I could run a script on the remote machine that exists only on my local machine?

Ask and ye shall receive.  :-)

It does!  First let's start with the basics.  We'll ship "secure by default".  That means that you will have to make a decision to allow remote computers to manage a machine.  Next, when you configure remoting, you'll have a number of configuration options which give you fine control over what the remote machines can do.  In particular, there are 3 language MODES: FULL, DATA, NONE.  

FULL is obvious - there are no language restrictions.

DATA limits the language to those elements that do not allow side-effects on the system.

NONE means you can enter commands but no language elements.

For each of these, you'll be able to configure what CMDLETS, SCRIPTS, Native applications, providers, and variables that are available to the remote machine.  

jps

Sunday, May 11, 2008 11:31 AM by PowerShellTeam

# re: Remoting with PowerShell QuickStart

Ok, so maybe I'm doing something wrong, but the winrm configuration isn't working:

PS C:\Windows\System32> . $pshome\configure-wsman.ps1

VERBOSE: Configuring WinRM

WSManFault

   Message = Access is denied.

Error number:  -2147024891 0x80070005

Access is denied.

CheckError : Error restoring default WSMan configuration. Exiting

At C:\Windows\system32\WindowsPowerShell\v1.0\\wsmanutils.ps1:97 char:19

+         CheckError <<<<  $ErrorMessages["Restore"]

WSManFault

   Message = Access is denied.

... and more of the same.  this is with an elevated version of powershell...

Monday, May 12, 2008 6:43 AM by Ilya Haykinson

# re: Remoting with PowerShell QuickStart

>   Message = Access is denied.

1) Are you running with elevated Privs?

2) Do you have Admin Rights?

jps

Monday, May 12, 2008 8:55 AM by PowerShellTeam

# re: Remoting with PowerShell QuickStart

Can you check if WinRM is running?

PS F:\> get-service winrm

Status   Name               DisplayName

------   ----               -----------

Stopped  WinRM              Windows Remote Management (WS-Manag...

PS F:\> start-service winrm                                               PS F:\> get-service winrm                                                                                                                           Status   Name               DisplayName                                   ------   ----               -----------                                   Running  WinRM              Windows Remote Management (WS-Manag...                                                                                                                                                            

Tuesday, May 13, 2008 9:44 PM by PowerShellTeam

Leave a Comment

(required) 
required 
(required) 
 
Page view tracker