HOWTO Set up PowerShell Remote Session Configuration

Marc Rufer 18 Nov 2016 PowerShell WinRM

Todays blog post is about setting up a PowerShell remote session configuration on a Windows machine. A PowerShell remote session configuration can be used when connecting from another machine (hereinafter called as Client) to the machine the PoSH remote session configuration resides on (hereinafter called as Target) using Enter-PSSession Cmdlet. A PoSH remote session configuration allows you to define under which user (Credential) the remote commands sent by the Client over the remote session will be executed. The Client only has to know the hostname of the Target and the name of the PowerShell session configuration.

Prerequisites

The following conditions have to be fullfilled to make it work.

The user, who will enter the remote session from the Client, has to have remote login access on the Target
To execute the Enter-PSSession Cmdlet without specifying the Credential, the Client and the Target have to be in the same domain or workgroup
Both (Client and Target) must have valid SSL certificates

Target

To set up the PowerShell remote session configuration on the Target the following commands have to be executed.

Enable-PSRemoting -Force;

# Configure WinRM to use HTTPS
winrm quickconfig -transport:https;
netsh firewall add portopening TCP 5986 "WinRM over HTTPS";

# Register PowerShell session configuration
Register-PSSessionConfiguration -Name PSSESSION_CONFIG_NAME -RunAsCredential CREDENTIAL_TO_RUN_CMDS_WITH -ShowSecurityDescriptorUI;

# Assign X.509 certificate to WinRM listener
$Thumbprint = (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -match "CERT_NAME"}).Thumbprint;
winrm set winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="FULL_QUALIFIED_DOMAIN_NAME";CertificateThumbprint="THUMBPRINT_HERE"}';

Client

To enable windows remote management on the Client the following commands have to be executed once on the Client.

Enable-PSRemoting -Force;
winrm quickconfig -transport:https;
netsh firewall add portopening TCP 5986 "WinRM over HTTPS";

To test the connection from Client to Target execute the following command

Test-WsMan FULL_QUALIFIED_DOMAIN_NAME;

Now you can connect to the Target by entering the before defined PowerShell session configuration as follows.

Enter-PSSession -ComputerName FULL_QUALIFIED_DOMAIN_NAME_OF_TARGET -ConfigurationName PSSESSION_CONFIG_NAME -UseSSL;

comments powered by Disqus

Posts

HOWTO Access Azure File Share in PowerShell Script executed by a Scheduled Task BUG "Task Scheduler service is not available" Error, if specifying Network Connection Condition HOWTO Sync OneDrive on Server even if Windows User not logged in HOWTO Access Microsoft Access Database with PowerShell Get NetworkCredential from PSCredential splits Username into Username and Domain HOWTO Create LocalDB File (.mdf) manually in Visual Studio 2015 HOWTO Set Cookie Header on DefaultRequestHeaders of HttpClient HOWTO Set up PowerShell Remote Session Configuration HOWTO Analyze PowerShell Scripts with PSScriptAnalyzer HOWTO Sign PDF with SuisseID NoBrainer PUT/PATCH/MERGE with OData Service Client Apply Commit from one Repository to another GitHub Repository creation with PowerShell HOWTO Sign PowerShell Script with SuisseID Swissunihockey game schedule PDF generator HOWTO Maven Release on JetBrains TeamCity Limitations when running Activiti in H2 Embedded Mode HOWTO Pylint Integration in IntelliJ 14 HOWTO Install Windows 10 IoT Core on Raspberry PI 2 from a VM First steps with Dropwizard Allman code style for IntelliJ First steps with Flyway IntelliJ - Setup custom inspection profiles Configuration properties meta-data support in IntelliJ AMQP Integration with spring integration OCA Java SE 7 Programmer I Certification Guide Swissunihockey key matcher Swisscom SMS-API-Client Some hints concerning logging with Log4j IFTTT A brilliant service Run deltacloud on a VirtualBox-VM Project specific maven settings in IntelliJ AngularJS Javascript for beginners Liferay in Action