1
PowerShell Remoting in Depth
WCL403 PowerShell Remoting in Depth
Don Jones, Senior Partner and Principal Technologist, Concentrated Technology, LLC
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2
What is Remoting?
- A new technology that will eventually consolidate all management communications into a single port and protocol
- Uses WS-MAN as the underlying protocol; implemented by the Windows Remote Management (WinRM) service
- PowerShell is just one consumer of this service/protocol combo – everything will be moving to this as Windows moves forward
3
WinRM
- WinRM is a general “listener” for incoming communications and general “talker” for outgoing communications
- Individual applications – like PowerShell – register an “endpoint” to utilize WinRM’s services
- Each application will differ in how it utilizes WinRM, but WinRM itself has certain high-level configuration options
- These can be configured locally (in PowerShell, the WSMan: drive provides access) and through Group Policy (let’s see where)
4
DEMO WINRM IN GPO
5
Remote Shell
- As a consumer of WinRM services, PowerShell also has its own configuration options
- Many of these are also configurable through the WSMan: drive, and through Group Policy – let’s explore
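
An added example (not from the original deck) that reads the WinRM-level and remote-shell settings these two slides refer to from the WSMan: drive and reports where each value came from. The selection of settings and the function name are this example's own; run it from an elevated session.

```powershell
# Added example: report WinRM-level and remote-shell settings from the WSMan: drive.
# The selection of settings below is this example's choice, not the deck's.
$settings = @(
    'Service\AllowUnencrypted',
    'Service\Auth\Basic',
    'Service\Auth\Kerberos',
    'Service\Auth\CredSSP',
    'Client\AllowUnencrypted',
    'Client\TrustedHosts',
    'Shell\AllowRemoteShellAccess',
    'Shell\IdleTimeout',
    'Shell\MaxShellsPerUser',
    'Shell\MaxMemoryPerShellMB'
)

function Get-WinRMSettingReport {
    param([string[]]$RelativePath)
    foreach ($rel in $RelativePath) {
        $item = Get-Item -Path "WSMan:\localhost\$rel" -ErrorAction SilentlyContinue
        if (-not $item) {
            [pscustomobject]@{ Setting = $rel; Value = $null; Source = 'not found' }
            continue
        }
        [pscustomobject]@{
            Setting = $rel
            Value   = $item.Value
            # SourceOfValue is filled in when the value does not come from
            # local configuration (for example, when Group Policy sets it).
            Source  = if ($item.SourceOfValue) { $item.SourceOfValue } else { 'Local/default' }
        }
    }
}

$report = Get-WinRMSettingReport -RelativePath $settings
$report | Format-Table -AutoSize

# Flag the values that weaken transport protection or authentication.
$report | Where-Object {
    ($_.Setting -like '*AllowUnencrypted' -and $_.Value -eq 'true') -or
    ($_.Setting -eq 'Service\Auth\Basic' -and $_.Value -eq 'true') -or
    ($_.Setting -eq 'Client\TrustedHosts' -and $_.Value -eq '*')
}
```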
6
DEMO POWERSHELL OPTIONS
7
Security
- When you make an outgoing connection over WinRM, your login credentials (or alternate credentials, if you provide them for the connection) are delegated to the remote computer
- Delegation is a native function of Kerberos – your credentials remain absolutely secure at all times
- Any tasks performed on the remote computer will be done “as” you – so nothing is added or removed from Windows’ native security layers
8
The Second Hop
- Your credentials can only be delegated once by default (unless you’ve remoted into a DC)
- You need to enable the CredSSP authentication protocol, and specify its use, in order to delegate your credentials across additional hops
- You → Computer A → Computer B: you have no security context on Computer B – most operations will fail
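
An added example (not part of the original deck) showing the second-hop failure and the CredSSP configuration the slide describes, with delegation limited to a single named computer. The computer names and share path are hypothetical, and the `$using:` scope modifier requires PowerShell v3.

```powershell
# Added example; computer names and the share path are hypothetical.
$hopA  = 'computerA.example.com'
$share = '\\computerB.example.com\reports'
$cred  = Get-Credential

# Default authentication: the session on Computer A cannot pass your identity
# on to Computer B, so the access to the share fails.
try {
    Invoke-Command -ComputerName $hopA -ErrorAction Stop -ScriptBlock {
        Get-ChildItem -Path $using:share -ErrorAction Stop
    }
} catch {
    Write-Warning "Second hop failed without CredSSP: $($_.Exception.Message)"
}

# 1. Client side (elevated): allow delegation to Computer A only, not a wildcard.
Enable-WSManCredSSP -Role Client -DelegateComputer $hopA -Force

# 2. Computer A: accept delegated credentials.
Invoke-Command -ComputerName $hopA -ScriptBlock {
    Enable-WSManCredSSP -Role Server -Force
}

# 3. Specify CredSSP for the connection; it needs explicit credentials.
Invoke-Command -ComputerName $hopA -Authentication CredSSP -Credential $cred -ScriptBlock {
    Get-ChildItem -Path $using:share
}

# Review the current CredSSP state, then switch it off again when the
# multi-hop task is finished.
Get-WSManCredSSP
Invoke-Command -ComputerName $hopA -ScriptBlock { Disable-WSManCredSSP -Role Server }
Disable-WSManCredSSP -Role Client
```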
9
Encryption
- WinRM can utilize HTTP (port 5985 by default) or HTTPS (port 5986 by default)
- Applications can also apply their own encryption (often using static pre-shared secrets) to the traffic before they hand it off to WinRM
- You’re in full control of what’s used
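
An added example (not from the deck) that creates the HTTPS listener on the default port 5986 and lists every listener with its transport and port. It assumes a certificate for the server's FQDN is already installed in LocalMachine\My, and `New-NetFirewallRule` requires Windows 8 / Server 2012 or later; the rule name and client host name are hypothetical.

```powershell
# Added example; run elevated on the server. Assumes a certificate for this
# host's FQDN, with a private key, is already installed in LocalMachine\My.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
                   $_.Subject -like "CN=$fqdn*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No usable certificate for $fqdn in LocalMachine\My" }

# Create the HTTPS listener (port 5986 by default) bound to that certificate.
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -CertificateThumbPrint $cert.Thumbprint -Force

# The firewall exception made by Enable-PSRemoting covers the HTTP listener;
# the HTTPS port needs its own inbound rule.
New-NetFirewallRule -DisplayName 'WinRM HTTPS (example rule)' -Direction Inbound `
    -Protocol TCP -LocalPort 5986 -Action Allow

# Show every listener with its transport and port.
Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
    Select-Object Transport, Port, Address, CertificateThumbprint

# From a client, ask for the HTTPS listener explicitly:
# Enter-PSSession -ComputerName server01.example.com -UseSSL
```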
10
Neat Fact
- WinRM uses HTTP(S) as its transport… completely adherent to standards!
- Third parties are already creating “Remoting Proxy Servers” (just an HTTP proxy for the WinRM ports) to enable more granular security and logging
- Cool stuff!
11
Enabling PowerShell Remoting
- Enable-PSRemoting (and Disable-PSRemoting to turn it off)
- This does a lot of steps, including running Set-WSManQuickConfig under the hood:
  - Enables and starts the WinRM Service (and sets to Auto Start)
  - Registers PowerShell as an endpoint
  - Creates an HTTP listener
  - Enables an exception in the Windows Firewall
- In a single-domain environment, this is all you usually need to do (if you’re okay using HTTP)
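
An added example (not from the deck) that checks each of the four changes listed above, so you can see what Enable-PSRemoting left behind on a machine. The function name is this example's own; `Get-NetFirewallRule` needs Windows 8 / Server 2012 or later, and the firewall display group name is the English-language one.

```powershell
# Added example: confirm each change the slide attributes to Enable-PSRemoting.
# Run elevated on the machine being checked.
function Test-PSRemotingSetup {
    $svc       = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinRM'"
    $endpoints = @(Get-PSSessionConfiguration -ErrorAction SilentlyContinue)
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate `
                       -ErrorAction SilentlyContinue)
    $fwRules   = @(Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' `
                       -ErrorAction SilentlyContinue |
                   Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    [pscustomobject]@{
        # Step 1: service enabled, started and set to start automatically
        ServiceRunning   = $svc.State -eq 'Running'
        ServiceAutoStart = $svc.StartMode -eq 'Auto'
        # Step 2: PowerShell registered as an endpoint
        EndpointNames    = $endpoints | ForEach-Object { $_.Name }
        # Step 3: listeners (HTTP is what Enable-PSRemoting creates)
        HttpListener     = [bool]($listeners | Where-Object { $_.Transport -eq 'HTTP' })
        HttpsListener    = [bool]($listeners | Where-Object { $_.Transport -eq 'HTTPS' })
        # Step 4: firewall exceptions, with the profiles each one applies to
        FirewallRules    = $fwRules | ForEach-Object { "$($_.DisplayName) [$($_.Profile)]" }
    }
}

Test-PSRemotingSetup | Format-List

# End-to-end check: does the local WinRM service answer a WS-Man request?
Test-WSMan -ComputerName localhost
```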
12
Other Situations
- Read about_remote_troubleshooting in PowerShell for details on other cases
  - Cross-domain connections
  - Non-domain (workgroup) scenarios
  - Configuring via GPO instead of running the command
  - Connecting through a proxy server
  - Etc.
- Seriously – the answer is probably in there.
- Get - a great guide (free) to Remoting
13
Note
- By default you will need to use computer names as they appear in AD – IP addresses and DNS aliases won’t work
- You’ll need to fiddle with WinRM if you want other addresses to work
- Essentially, it’s the mutual authentication. AD needs to be able to find the remote machine INSIDE AD in order to mutually authenticate.
- If this doesn’t work, you have to manually tweak the Trusted Hosts list in WinRM.
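
An added example (not from the deck) of the Trusted Hosts adjustment for one address: it records the existing list, appends a single entry rather than a wildcard, connects with explicit credentials, and restores the list afterwards. The address 192.0.2.10 is a documentation address used as a stand-in; run it elevated on the client.

```powershell
# Added example; 192.0.2.10 is a stand-in address, not a real host.
$target   = '192.0.2.10'
$thPath   = 'WSMan:\localhost\Client\TrustedHosts'
$previous = (Get-Item -Path $thPath).Value

# By default a connection to an IP address is rejected, because the client
# cannot mutually authenticate the remote machine.
try {
    Invoke-Command -ComputerName $target -ErrorAction Stop -ScriptBlock { $env:COMPUTERNAME }
} catch {
    Write-Warning "Before the TrustedHosts change: $($_.Exception.Message)"
}

# Add only this address. -Concatenate appends to the list instead of
# overwriting it, so existing entries are kept.
Set-Item -Path $thPath -Value $target -Concatenate -Force

# A host reached through TrustedHosts has not proven its identity to you,
# and the connection needs explicit credentials.
$cred = Get-Credential
Invoke-Command -ComputerName $target -Credential $cred -ScriptBlock { $env:COMPUTERNAME }

# Put the list back the way it was.
if ($previous) { Set-Item -Path $thPath -Value $previous -Force }
else           { Clear-Item -Path $thPath -Force }
```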
14
1:1 Remoting
- Use Enter-PSSession
- Let’s see it in action, and review some of its options
- Essentially (but not exactly) like SSH; you’re “on” the remote computer
15
DEMO 1:1 REMOTING
16
1:n Remoting
- Use Invoke-Command, along with 1+ computer names
- The remote computers spin up a copy of PowerShell, run your command, serialize the results into XML, and transmit them to you.
- Your copy of PowerShell receives that, deserializes the results back into static objects, and puts them in the pipeline
- Results get a PSComputerName property so you can track which did which
- Let’s see it and see what options are available
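
An added example (not from the deck) of a fan-out command that shows the PSComputerName property, the static nature of the deserialized results, and how to handle machines that could not be reached. The computer names and the choice of services are hypothetical.

```powershell
# Added example; the computer names are hypothetical.
$computers = 'server01', 'server02', 'server03'

# Fan out. Unreachable machines are collected in $failed instead of stopping the run.
$results = Invoke-Command -ComputerName $computers -ErrorAction SilentlyContinue `
    -ErrorVariable failed -ScriptBlock {
        Get-Service -Name WinRM, W32Time
    }

# PSComputerName records which machine produced each object.
$results | Sort-Object PSComputerName, Name |
    Format-Table PSComputerName, Name, Status -AutoSize

# The objects are deserialized copies: the type name carries a 'Deserialized.'
# prefix and the original type's methods (Start, Stop, ...) are not available.
$first = $results | Select-Object -First 1
if ($first) {
    $first.PSObject.TypeNames[0]
    $first | Get-Member -MemberType Method
}

# So do the work that needs live objects on the remote side, and send back
# only the data you want to look at.
Invoke-Command -ComputerName $computers -ErrorAction SilentlyContinue -ScriptBlock {
    Get-Service -Name W32Time |
        Where-Object { $_.Status -ne 'Running' } |
        Start-Service -PassThru
} | Select-Object PSComputerName, Name, Status

# Machines that could not be reached in the first call.
$failed | ForEach-Object { $_.TargetObject }
```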
17
DEMO 1:N REMOTING
18
Troubleshooting WinRM
- Use the PSDiagnostics module to start a trace
- Review results in the event log
- Let’s briefly see where this lives
- Suggestion: Become familiar with a “normal” trace and then look for variations in a “problem” trace
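
An added example (not from the deck) that follows the suggestion above: it traces one working and one failing connection, summarises the WinRM operational log for each, and compares the two. The function name and both target names are hypothetical; run it elevated.

```powershell
# Added example; 'server01' and 'no-such-host' are hypothetical targets.
Import-Module PSDiagnostics

function Get-RemotingEventProfile {
    param([string]$ComputerName)
    $start = Get-Date
    Enable-PSWSManCombinedTrace      # trace is written to $PSHOME\Traces\PSTrace.etl
    try {
        Invoke-Command -ComputerName $ComputerName -ErrorAction SilentlyContinue `
            -ScriptBlock { $env:COMPUTERNAME } | Out-Null
    } finally {
        Disable-PSWSManCombinedTrace
    }
    # Summarise what the WinRM operational log recorded during the attempt.
    Get-WinEvent -FilterHashtable @{
            LogName   = 'Microsoft-Windows-WinRM/Operational'
            StartTime = $start
        } -ErrorAction SilentlyContinue |
        Group-Object -Property Id |
        Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count,
                      @{ n = 'Sample';  e = { $_.Group[0].Message } }
}

$normal  = Get-RemotingEventProfile -ComputerName 'server01'
$problem = Get-RemotingEventProfile -ComputerName 'no-such-host'

# Event IDs that appear in only one of the two profiles are where to look first.
if ($normal -and $problem) {
    Compare-Object -ReferenceObject $normal -DifferenceObject $problem -Property EventId
}
$problem | Format-List EventId, Count, Sample

# Full detail of the most recent trace, oldest event first.
Get-WinEvent -Path "$PSHOME\Traces\PSTrace.etl" -Oldest |
    Select-Object -First 20 TimeCreated, Id, Message
```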
19
DEMO DIAGNOSTICS
20
Sessions and Endpoints
- In PowerShell v3, you actually get four possible endpoints (or “session configurations”) by default.
- Let’s see how to see them… connect to a specific one… and how to make your own! (Mega-cool)
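
An added example (not from the deck) that lists the registered session configurations, creates a restricted one that exposes two cmdlets, and connects to it by name. The endpoint name `ServiceOps`, the file path, the cmdlet selection and `server01` are hypothetical; the registration steps run elevated on the server.

```powershell
# Added example; 'ServiceOps', the path and 'server01' are hypothetical.

# See the endpoints that are registered, and who may connect to each.
Get-PSSessionConfiguration | Format-Table Name, PSVersion, Permission -AutoSize

# Describe a restricted endpoint: no script language, two visible cmdlets.
$pssc = 'C:\Endpoints\ServiceOps.pssc'
New-Item -ItemType Directory -Path (Split-Path -Path $pssc) -Force | Out-Null
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -LanguageMode NoLanguage `
    -ModulesToImport Microsoft.PowerShell.Management `
    -VisibleCmdlets 'Get-Service', 'Restart-Service'
Test-PSSessionConfigurationFile -Path $pssc

# Register it. The security descriptor dialog is where you choose which
# users or groups are allowed to connect to this endpoint.
Register-PSSessionConfiguration -Name ServiceOps -Path $pssc `
    -ShowSecurityDescriptorUI -Force

# From a client: connect to that specific endpoint and see what it exposes.
$session = New-PSSession -ComputerName server01 -ConfigurationName ServiceOps
Invoke-Command -Session $session -ScriptBlock { Get-Command }
Invoke-Command -Session $session -ScriptBlock { Get-Service -Name WinRM }
Remove-PSSession -Session $session

# Remove the endpoint when it is no longer needed:
# Unregister-PSSessionConfiguration -Name ServiceOps
```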
21
DEMO Remoting Sessions
22
Summary
- This is Microsoft’s “way forward” for management – it’s worth your time to start playing with it now
- As “GUI on the server” becomes de-emphasized, remoting is what will help power client-side GUIs that talk to one or more remote servers
23
FOLLOW-UP / Q&A / CONTACT INFO
- Monthly PowerShell column
- Ask me questions:
- PowerShell Blog:
- Books: Learn Windows PowerShell in a Month of Lunches; Windows PowerShell Scripting and Toolmaking
24
Any Final Questions?
- I will be in the TechEd Bookstore signing copies of Learn Windows PowerShell in a Month of Lunches
- I’ll also be hanging at “The Scripting Guys” pod in the Expo Hall
- Please drop by and let me know what you think, or ask follow-up questions!
- You can post questions to me at
- And again, that Twitter address
- Thank you!
25
Related Content
- WCL404: Building Reusable CLI and GUI Tools in PowerShell
- WSV07-TLC: Windows Server 2012 Server Manager and PowerShell
- DBI331: The Dirty Dozen: PowerShell Scripts for the Busy DBA
- SIA404: Deep Dive on Windows Server Active Directory Shell
- Find Me Later At “The Scripting Guys” pod in the Expo Hall!
32
Resources Learning TechNet http://northamerica.msteched.com