Powershell: Remote Session

Notes on using a remote session with Powershell

Enable it on standalone computers

Support for remote session must be enabled (on the target system); this is a bit more complicated on standalone (Workgroup/Not-joined-to-an-AD-domain) clients:

  1. Prerequisite: On the remote computer, the service “Windows Remote Management (WS-Management)” (also known as “WinRM”) must be running.

    Get-Service -Name WinRM -ComputerName $computer | Set-Service -Status Running
    Test-WSMan -ComputerName $computer    # Test whether the WinRM service is running. 
    
  2. On the computer from which you want to enter the remote session, do this (requires admin rights):

    Set-Service winrm -Status Running -StartupType Automatic
    Get-Item WSMan:\localhost\Client\TrustedHosts # Check current values
    Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value <RemoteIPAddressOrComputerNameOrWildcard(*)>
    

    Caution: Using a wildcard for TrustedHosts is insecure and not recommended!

  3. On the remote computer, to which you want to connect to, do this (requires admin rights):

    Set-Service winrm -Status Running -StartupType Automatic
    Enable-PSRemoting -Force [-SkipNetworkProfileCheck]
    

    Remark: Enable-PSRemoting -Force won’t work if the network type isn’t a “Private” or “Domain” network.

  4. Disable it again:

    Disable-PSRemoting -Force
    Invoke-WmiMethod -Path "Win32_Service.Name='WinRM'" -Name StopService
        # Because Set-Service... complains about depending services
    
    # or try:
    Get-Service -Name WinRM -ComputerName $computer | Stop-Service -Force
    

Persistent Remote Session

One can also keep a Powershell session alive and disconnect from it, and the connect to it again the next day or from a different computer.

Note: If you don’t provide a -Credential parameter, then the current user is used; this may or may not be the appropriate action in your environment…

  1. Establish a new session, then disconnect from it:

    $s = New-PSSession -ComputerName <RemoteIPAddressOrComputerName>
    
  2. Load the same session (of the remote computer) on another computer again:

    $s1 = Get-PSSession -ComputerName <RemoteIPAddressOrComputerName>
    Connect-PSSession -Session $s1
    Enter-PSSession -Id ... | -ComputerName ...
    Disconnect-PSSession -Session $s1               # Disconnect again, for now.
    
  3. Close or exit a session for good:

    Remove-PSSession -Session $s    # Closes the session again.
    
    # ... or from within the remote session itself, do this.
    RemoteSystem> Exit-PSSession
    

Execute a single remote command with Invoke-Command

Example: Create the Windows Update log file on the remote machine.

Invoke-Command -ComputerName $computer -ArgumentList $computer -Credential $cred -ScriptBlock {
        param($computer)
			# Use -ArgumentList and param(...) to handover local variables to the script block.
		
		Get-WindowsUpdateLog -LogPath C:\$computer-WindowsUpdate.log
			# Provide a full path, including filename, else you may get an Access Denied error.
    } 

Further reading