PowerShell Remoting (PS Remote)
Overview
Windows PowerShell remoting uses the WS-Management (WinRM) protocol to let you run any Windows PowerShell command on one or more remote computers.
Authentication
Specifying credentials
Credentials through PowerShell
$passwd = ConvertTo-SecureString "Password123" -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential ("lab\logagent", $passwd)
Get-Credential
Pops up a prompt to enter user credentials
$creds = Get-Credential
Trusted hosts
Windows by default has an empty TrustedHosts list, a list that contains those remote computers (hosts) that you can remotely manage from a client without authentication.
Lazy: Allow all
Set-Item WSMan:\localhost\Client\TrustedHosts * -Force
Specify a host
Set-Item WSMan:\localhost\Client\TrustedHosts -Value ServerDC -Force
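The two commands above overwrite whatever is already in the list. The following is an added example, not part of the original page, showing how to inspect the current value and append a single host instead of replacing the list (the host name ServerDC is reused from above as an assumption). Setting the list to * means the client will hand its credentials to any machine answering under any name when NTLM or Basic is used, so keeping the list explicit is the safer default; when Kerberos is used (domain-joined client and server, FQDN target) TrustedHosts is not consulted at all.

```powershell
# Added example: audit and append to TrustedHosts rather than overwrite it.
# ServerDC is an assumed host name from the section above.
$th = Get-Item WSMan:\localhost\Client\TrustedHosts
"Current TrustedHosts: '$($th.Value)'"

# -Concatenate appends to the existing comma-separated value instead of replacing it
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "ServerDC" -Concatenate -Force

# Verify the entry landed and show the list one host per line
(Get-Item WSMan:\localhost\Client\TrustedHosts).Value -split ',' |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ }
```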
Enumerating for WinRM administrator access
Get all AD computers
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher.Filter = "(&(sAMAccountType=805306369))"
$Computers = $objSearcher.FindAll() | %{$_.properties.dnshostname}
Check for administrator access
Invoke-Command -ScriptBlock {hostname} -ComputerName $Computers -ErrorAction SilentlyContinue
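Put together, the two steps above become the following audit script. It is an added example (not from the original page): it enumerates computer objects the same way, runs a harmless command on each with the supplied credential, and reports which hosts accepted the connection and which did not, so the result can be reviewed as an inventory of where a given account has WinRM access. The account name lab\logagent is reused from the credentials section as an assumption.

```powershell
# Added example: which hosts accept a WinRM connection for this credential?
# lab\logagent is an assumed account name; the password is prompted for.
$passwd = Read-Host "Password for lab\logagent" -AsSecureString
$creds  = New-Object System.Management.Automation.PSCredential ("lab\logagent", $passwd)

# sAMAccountType 805306369 = machine (computer) accounts
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry
$searcher.Filter   = "(sAMAccountType=805306369)"
$searcher.PageSize = 1000            # page results so large domains are not cut off at 1000 objects
$null = $searcher.PropertiesToLoad.Add("dnshostname")
$computers = $searcher.FindAll() |
    ForEach-Object { $_.Properties["dnshostname"][0] } |
    Where-Object { $_ }               # drop objects with no DNS host name

# Each successful result carries PSComputerName; failures (no listener, access denied,
# unreachable) are collected in $errs instead of aborting the whole run.
$errs = @()
$results = Invoke-Command -ComputerName $computers -Credential $creds `
    -ScriptBlock { $env:COMPUTERNAME } `
    -ThrottleLimit 32 -ErrorAction SilentlyContinue -ErrorVariable errs

$reachable = $results | ForEach-Object { $_.PSComputerName } | Sort-Object -Unique
$noAccess  = $computers | Where-Object { $reachable -notcontains $_ } | Sort-Object -Unique

[pscustomobject]@{
    Reachable = $reachable
    NoAccess  = $noAccess
    Errors    = $errs | ForEach-Object { $_.Exception.Message } | Sort-Object -Unique
}
```

Every connection attempt, successful or not, produces a WinRM logon on the target (event ID 4624 with logon type 3, plus the WinRM operational log), so a sweep like this is visible to the hosts it touches.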
Command examples
Connecting to remote host
One-to-one remoting
If you want your remote session to be interactive, then one-to-one remoting is what you want. This type of remoting is provided via the Enter-PSSession cmdlet.
$creds = Get-Credential
Enter-PSSession -ComputerName dc01 -Credential $creds
One-to-many remoting
Sometimes you may need to perform a task interactively on a remote computer. But remoting is much more powerful when performing a task on multiple remote computers at the same time. Use the Invoke-Command cmdlet to run a command against one or more remote computers at the same time.
Invoke-Command -ComputerName dc01, sql02, web01 {Get-Service -Name W32time} -Credential $creds
PowerShell Sessions
Similar to the CIM sessions, a PowerShell session to a remote computer can be used to run multiple commands against the remote computer without the overhead of a new session for each individual command.
$session = New-PSSession -ComputerName dc01, sql02, web01 -Credential $creds
Now we can use the $session variable to run several commands in the same persistent session.
Invoke-Command -Session $session {(Get-Service -Name W32time).Start()}
Invoke-Command -Session $session {Get-Service -Name W32time}
When you are finished, remove the sessions:
Get-PSSession | Remove-PSSession
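The following is an added example, not code from the original page, showing the full session lifecycle: it opens sessions to the same three hosts, demonstrates that variables set in one Invoke-Command survive into the next call on the same session (which the one-shot -ComputerName form does not give you), and tears the sessions down in a finally block so they are not left orphaned on the remote side if a command throws. Host names and the $creds variable are assumptions carried over from the sections above.

```powershell
# Added example: persistent sessions with state reuse and guaranteed cleanup.
# dc01/sql02/web01 and $creds are assumed from the sections above.
$targets  = "dc01", "sql02", "web01"
$sessions = New-PSSession -ComputerName $targets -Credential $creds `
    -ErrorAction SilentlyContinue -ErrorVariable sessErrs
$sessErrs | ForEach-Object { Write-Warning $_.Exception.Message }

try {
    # First call stores a value in the session; state lives on for later calls.
    Invoke-Command -Session $sessions -ScriptBlock { $svc = Get-Service -Name W32time }

    # Second call reads the variable set by the first one on each host.
    Invoke-Command -Session $sessions -ScriptBlock {
        [pscustomobject]@{
            Host      = $env:COMPUTERNAME
            Status    = $svc.Status
            StartType = $svc.StartType
        }
    } | Format-Table Host, Status, StartType -AutoSize
}
finally {
    # Runs even if a command above fails; closes the remote runspaces.
    if ($sessions) { Remove-PSSession -Session $sessions }
}
```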
Executing script on remote host/s
Invoke-Command -ComputerName Server01, Server02 -FilePath c:\Scripts\DiskCollect.ps1
File transfer
Downloading a file over PS Remote from remote machine
$sess = New-PSSession IT-APPSRV01
Copy-Item -FromSession $sess C:\{file} -Destination C:\Windows\Temp\{file}
Upload a file over PS Remote to remote machine
$sess = New-PSSession IT-APPSRV01
Copy-Item -ToSession $sess C:\Windows\Temp\{file} -Destination C:\{file}
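Copy-Item reports nothing about the integrity of what arrived. The following added example (not from the original page) wraps the download case above with a SHA-256 check computed on the remote side before the copy and on the local side after it, so a truncated or altered transfer is caught rather than silently used. The host name IT-APPSRV01 is reused from above; the file paths and $creds are assumptions.

```powershell
# Added example: download over a PS session and verify the file hash end to end.
# IT-APPSRV01, the paths and $creds are assumed values.
$sess = New-PSSession -ComputerName IT-APPSRV01 -Credential $creds
try {
    $remotePath = "C:\Logs\app.log"
    $localPath  = "C:\Windows\Temp\app.log"

    # Hash on the remote host first, so the expected value is independent of the transfer
    $remoteHash = Invoke-Command -Session $sess -ArgumentList $remotePath -ScriptBlock {
        param($p)
        (Get-FileHash -Path $p -Algorithm SHA256).Hash
    }

    Copy-Item -FromSession $sess -Path $remotePath -Destination $localPath

    $localHash = (Get-FileHash -Path $localPath -Algorithm SHA256).Hash
    if ($localHash -ne $remoteHash) {
        throw "Hash mismatch for ${remotePath}: remote $remoteHash, local $localHash"
    }
    "Copied $remotePath -> $localPath (SHA256 $localHash)"
}
finally {
    Remove-PSSession -Session $sess
}
```

The same pattern applies to uploads with -ToSession: hash locally before Copy-Item, then hash on the remote side through Invoke-Command and compare.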
Using WinRM on Kali PowerShell
Installing PowerShell on Kali
sudo apt install powershell
Enter into PowerShell and install PSWSMan
pwsh
Install-Module PSWSMan -Force
Install-WSMan
Common problems
Problem: Error message about unspecified GSS failure
Enter-PSSession : Connecting to remote server xxx.xxx.xxx.xxx failed with the following error message : acquiring creds with username only failed Unspecified GSS failure. Minor code may provide more information SPNEGO cannot find mechanisms to negotiate For more information, see the about_Remote_Troubleshooting Help topic.
Solution: Install the GSS NTLM mechanism.
sudo apt install gss-ntlmssp
Problem: Error message about access denied connecting with NTLM
Enter-PSSession : MI_RESULT_ACCESS_DENIED
Solution: Make sure to use -Authentication Negotiate even if this isn’t necessary when remoting from a Windows client.
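As an added example (not from the original page), the following shows what a connection from pwsh on Kali looks like once both fixes above are in place: the session is opened with -Authentication Negotiate explicitly, the two failure modes described in this section are surfaced with their messages, and the session is removed afterwards. The target address 10.0.0.5 is a constructed placeholder and lab\logagent is the account name assumed from the credentials section.

```powershell
# Added example: remoting from pwsh on Linux with NTLM via gss-ntlmssp.
# 10.0.0.5 is a constructed placeholder address; lab\logagent is an assumed account.
$target = "10.0.0.5"
$creds  = Get-Credential -UserName "lab\logagent" -Message "Password for lab\logagent"

$s = $null
try {
    # -Authentication Negotiate is required here; Windows clients pick it implicitly, pwsh on Linux does not.
    $s = New-PSSession -ComputerName $target -Credential $creds -Authentication Negotiate -ErrorAction Stop
    Invoke-Command -Session $s -ScriptBlock { "$env:COMPUTERNAME as $env:USERDOMAIN\$env:USERNAME" }
}
catch {
    # "Unspecified GSS failure" -> gss-ntlmssp missing; MI_RESULT_ACCESS_DENIED -> Negotiate not specified or bad credential
    Write-Error "Connection to $target failed: $($_.Exception.Message)"
}
finally {
    if ($s) { Remove-PSSession -Session $s }
}
```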