Manage Your Enterprise from a Single Seat: Windows PowerShell Remoting Tech Ed North America 2010 12/4/2018 9:59 PM Required Slide SESSION CODE: WSV319 Manage Your Enterprise from a Single Seat: Windows PowerShell Remoting Don Jones Senior Partner and Technologist Concentrated Technology, LLC © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Introductions Me: Don Jones, Concentrated Technology Microsoft MVP Award recipient Contributing Editor, TechNet Magazine Author of 45+ IT books Blogger at http://ConcentratedTech.com You: A Busy Windows Administrator Looking to enable single-seat administration Comfortable with command-line tools and utilities
Agenda About PowerShell Remoting Deploying PowerShell Remoting 1:1 Remote Shell 1:Many “Fan-Out” Remoting Sessions Implicit Remoting
How Remoting Works Utilizes WinRM v2 First shipped with PowerShell v2, installs with PowerShell v2 Auto-starts on servers, but not on clients (consider configuring to auto-start) Communicates via HTTP or HTTPS Default ports are not 80/443; ports can be customized Applications register with WinRM as an endpoint This tells WinRM the application is there WinRM must be configured to permit this (e.g., secure by default) Also: WS-MAN (Web Services for Management) is the protocol name
PowerShell Requirements PowerShell v2 only on both ends Ships with Win7 and Win2008R2; downloadable for Win2003, Vista, WinXP Must explicitly enable WinRM, register PowerShell as an endpoint, on machine that will accept incoming connections Run Enable-PSRemoting or Disable-PSRemoting (to disable) No configuration needed on computers that will initiate connections (e.g., where you are physically sitting) Remoting is a strong argument for deploying PowerShell v2 everywhere and enabling remoting Remoting can also be controlled via Group Policy object (download ADM template for Win2008 and Win2003; comes with Win2008R2)
DEMO Enabling Remoting Tech Ed North America 2010 12/4/2018 9:59 PM © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
1:1 Remoting Think “SSH” functionality – interactive remote command line Use Enter-PSSession and computer name to start Use Exit-PSSession to “go home” and close the connection Help for Enter-PSSession shows parameters for specifying non-default ports, alternate credentials, etc.
DEMO 1:1 Remoting Tech Ed North America 2010 12/4/2018 9:59 PM © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
1:Many Remoting Use Invoke-Command with a list of computer names (many ways to provide that list) Specify a command in a –scriptblock {}, or specify a –file to run Local files will be pushed out to the remote computer(s) -command is an alias for –scriptblock Separate multiple commands with ; in the scriptblock Throttled to 32 machines at once by default (can modify) Can specify alternate ports/credentials/etc Runs synchronously; use –AsJob to run as a background job
What Comes Back Results on the remote computers are serialized into XML for transmission across the wire PSComputerName property is added with the name of the computer each object came from (useful for sorting/grouping) XML is deserialized when received on your end, and turned back into objects Deserialized objects are not “live;” they are snapshots, and do not contain methods (e.g., they’re static) Ran as a job? Use Receive-Job to get the results objects from the job (specify –keep to keep the results cached, or capture them into a variable or something)
1:Many Remoting and Jobs Tech Ed North America 2010 12/4/2018 9:59 PM 1:Many Remoting and Jobs DEMO © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Sessions Specifying –computerName with Invoke-Command or Enter-PSSession creates a session, uses it, and then closes it Inconvenient if you want to connect to the same computer again and again, especially if you’re specifying ports/credentials/etc Use New-PSSession to create persistent connections Consumes memory/process (a tiny bit) on both ends Use Remove-PSSession to close connections; Get-PSSession to get a list of them Pass session to –session parameter of Invoke-Command or Enter-PSSession to re-use the session
DEMO Sessions Tech Ed North America 2010 12/4/2018 9:59 PM © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
A Troubling Scenario New modules are shipping all the time – such as the ActiveDirectory module in Windows Server 2008 R2 These modules often can’t be installed on older versions of Windows The trick is to have remoting enabled on a machine where the module can be run… …and to use implicit remoting to make it look like that module is installed on your local computer
Implicit Remoting Use New-PSSession to create a session to the computer hosting the module Use Invoke-Command with that session to tell the remote computer to load the module into memory Use Import-PSSession to import the commands from that module to your local computer (temporarily) Specify a noun prefix if desired, to avoid overlap Run commands, even ask for help on them Use Remove-PSSession to close the connection when you’re done
DEMO Implicit Remoting Tech Ed North America 2010 12/4/2018 9:59 PM © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Summary WinRM implements the WS-MAN service that makes it work Enable remoting on receiving machines only Use Enter-PSSession and Invoke-Command Persistent sessions with *-PSSession Implicit remoting for easier access to remote modules Any last questions? Windows PowerShell v2: TFM on sale in the TechEd Bookstore!
Resources Learning Required Slide www.microsoft.com/teched Tech Ed North America 2010 12/4/2018 9:59 PM Required Slide Resources Learning Sessions On-Demand & Community Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning Resources for IT Professionals Resources for Developers http://microsoft.com/technet http://microsoft.com/msdn © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Complete an evaluation on CommNet and enter to win! Tech Ed North America 2010 12/4/2018 9:59 PM Required Slide Complete an evaluation on CommNet and enter to win! © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st http://northamerica.msteched.com/registration You can also register at the North America 2011 kiosk located at registration Join us in Atlanta next year
Tech Ed North America 2010 12/4/2018 9:59 PM © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Required Slide Tech Ed North America 2010 12/4/2018 9:59 PM © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.