Enter-PSsession: Run PowerShell Remote Commands

Windows PowerShell has switched up the Windows Server game. Think of PowerShell remoting like a remote control, reaching out to run commands on a distant computer. At the center of this sits Enter-PSSession, a key player that sets up a two-way conversation with a remote system. It’s like having a direct line to remote management. Let’s dig deeper into Enter-PSSession and its handy uses.

What is Enter-PSSession?

Enter-PSSession is a cmdlet that initiates a live interactive session with a single remote system. It employs the Windows Remote Management (WinRM) service to establish a connection with the targeted remote computer.

In a typical use case, a system administrator might leverage their user account to execute multiple commands on a distant Windows Server, irrespective of the geographical location, using Enter-PSSession.

To run the command at the PS C prompt:

Enter-PSSession

As you can see below, it will prompt you for the computer name you want to connect to for remote PowerShell commands.

Starting a new pssession

To start a session, you would typically use the Enter-PSSession ComputerName command, where ComputerName is the name or IP address of the remote server. The command prompt changes upon successful connection, reflecting the remote computer’s name.

Enter-PSSession mycomputer.domain.com

If the command fails and an error message displays, ensure that the WinRM service runs on the local and remote computers and that the Windows Firewall allows the connection request. You can ensure the WinRM service is enabled by running the Enable-PSRemoting command in the PowerShell console.

Enabling PowerShell remote management.

Taking Advantage of New-PSSession

New-PSSession is another vital cmdlet you will often use in conjunction with Enter-PSSession. It creates one or more PowerShell sessions (PSSessions) on a local or remote computer. With the New-PSSession command, you can establish persistent connections, allowing for multiple commands to be executed in the session.

For instance, a user might create a session object on a remote server with New-PSSession, perform various tasks during the interactive session, then exit with Exit-PSSession, preserving the session for subsequent use. The New-PSSession command allows you to manage multiple remote computers simultaneously, an excellent capability for remote management tasks.

Making the Most of Invoke-Command

While Enter-PSSession is perfect for one-off interactive sessions, the Invoke-Command cmdlet is the go-to for running commands on multiple remote computers. It allows you to run a command or script on a local or remote computer. Invoke-Command will be your best friend if you need to execute the same set of commands on several remote servers.

Invoke-Command

Configuring PowerShell Remoting and Session Configurations

PowerShell remoting leans on the WinRM service, which uses the WS-Management protocol. Usually, this service is tuned into port 5985 for HTTP connections and port 5986 for HTTPS ones. If you need to use a different port, you can change the Port parameter in your commands.

Session configuration is another critical aspect to consider. A session configuration is a group of settings defining the PowerShell sessions’ environment. This includes which user accounts can connect, which commands they can run, and various other preferences.

Ensuring Security in PowerShell Remoting

PowerShell remoting is secure. It uses the WinRM service, which itself relies on the Secure Sockets Layer (SSL) for an HTTPS connection. The WinRM service encrypts all PowerShell remoting traffic. But what if your remote server only supports an HTTP connection? In that case, you can use a digital public key certificate to encrypt credentials and any other important data.

If you’re managing remote machines, remember you’re responsible for remote access. Ensure your user account has the right privileges to execute commands on the remote server.

Configuring the WinRM Service and Permissions

WinRM service is key to PowerShell remoting. Before you start remote sessions with Enter-PSSession, you need to make sure that the WinRM service is set up correctly and that the remote computer has the right permissions.

Enabling the WinRM Service

The first step to configure the WinRM service is to enable it. On the remote computer, open the PowerShell console as an administrator and run the following command:

Enable-PSRemoting -Force

This command starts the WinRM service and sets it to start automatically with the system. It also configures the Windows Firewall to allow the necessary connections.

Setting up HTTPS Transport

For secure remote sessions with HTTPS, you need to get the WinRM service ready for secure connections. This means installing a server authentication certificate on the remote computer. With the certificate set, you then run the following command:

winrm quickconfig -transport:https

This command configures WinRM to use the HTTPS transport and sets the default port to 5986.

Setting up WinRM Permissions

To grant a user account permission to access a remote computer through PowerShell remoting, you need to add the user to the remote computer’s local Remote Management Users group. Open a command prompt on the remote computer as an administrator and run the following command, replacing <username> with the name of the user account:

net localgroup "Remote Management Users" /add <username>

Adjusting Session Configurations

Session configurations define the environment for a PowerShell session. To change the session configuration, you can use the Set-PSSessionConfiguration cmdlet. For example, the following command allows up to 100 concurrent connections from a single user:

Set-PSSessionConfiguration -Name Microsoft.PowerShell -MaximumReceivedDataSizePerCommandMB 100

By correctly configuring the WinRM service and permissions, you can ensure that your PowerShell remoting sessions function as expected. Remember, always carefully manage these settings to avoid potential security risks.

Enter-PSSession: Domain vs. Non-domain Joined

When working with PowerShell remoting, the context of your environment plays a crucial role in your operations. Specifically, whether your computers are domain-joined or non-domain-joined can significantly influence your usage of Enter-PSSession.

Domain-Joined Computers

In a domain environment, where the remote server and the local computer belong to the same Active Directory (AD) domain or trusting domains, setting up PowerShell remoting with Enter-PSSession is relatively straightforward. The cmdlet leverages the security infrastructure of the domain, allowing for secure credential passing and easier management.

You initiate an interactive session with a domain-joined remote computer using the Enter-PSSession ComputerName command, where ComputerName is the remote server’s fully qualified domain name (FQDN). A successful connection request leads to an interactive session, allowing the execution of multiple commands on the remote system.

If you’re working with multiple domain-joined computers, you can execute the same command across all machines simultaneously with Invoke-Command.

Non-Domain Joined Computers

Managing non-domain joined (workgroup) computers presents a different set of challenges. Without the domain infrastructure, the Enter-PSSession command might encounter authentication issues since the credential parameter doesn’t have a common authority for verification.

To establish a PowerShell remoting session with a non-domain joined computer, the WinRM service on the remote machine should be configured to allow connections from a user account on the local machine. This configuration is done by adding the local machine’s user account to the remote computer’s list of trusted hosts.

This process can involve editing the WinRM service’s settings directly or adjusting the Windows Firewall to allow the necessary traffic. Once completed, you can start an interactive session using the Enter-PSSession cmdlet, just like with a domain-joined computer.

Troubleshooting Common Errors

You might encounter an error message or two during your journey with PowerShell remoting. The error could be anything from a network port issue to the WinRM service not being enabled. Understanding these common errors and how to troubleshoot them is vital for any PowerShell user.

One common issue is the following error message: The WinRM client cannot process the request when running Enter-PSSession. This error usually means the remote computer is not set up for PowerShell remoting. Running Enable-PSRemoting in PowerShell as an administrator on the remote computer often resolves the issue.

Disconnecting and Ending Sessions

After establishing an interactive session with Enter-PSSession, you may want to disconnect instead of terminating the session, especially if you plan to reenter the session later. The Disconnect-PSSession cmdlet allows you to do this. When you’re ready to reestablish the connection, use Connect-PSSession.

To end a session, use the Exit-PSSession cmdlet. This terminates the interactive session and returns you to the local PowerShell session.

Basic Enter-PSSession Commands

Learning the basics of Enter-PSSession is the first step toward effective PowerShell remoting. Here are some fundamental commands you can use:

Starting a Session

To start an interactive session with a remote computer, you use the Enter-PSSession cmdlet followed by the -ComputerName parameter and the name of the computer you want to connect to.

Enter-PSSession -ComputerName Server01

Using a Different Port

If you’re connecting to a remote computer through an alternate port setting, specify the port number using the -Port parameter.

Enter-PSSession -ComputerName Server01 -Port 5986

Connecting Using Credentials

The- Credential parameter allows you to specify a username if you need to connect to a remote computer using a different user account.

$cred = Get-Credential Enter-PSSession -ComputerName Server01 -Credential $cred

The Get-Credential cmdlet prompts you for the username and password.

Connecting Using a Session

Instead of connecting to a remote computer directly, you can connect to a session on the remote computer using the -Session parameter.

$sess = New-PSSession -ComputerName Server01 Enter-PSSession -Session $sess

Exiting a Session

When you’re done with your tasks on the remote computer, you can use the Exit-PSSession cmdlet to terminate the session.

Exit-PSSession

Running Commands

Once inside an Enter-PSSession interactive session, you can execute any PowerShell command as if you’re on the remote computer. For instance:

Get-Process

The command above retrieves the list of running processes on the remote computer.

By familiarizing yourself with these basic Enter-PSSession commands, you’re well on your way to leveraging the power of PowerShell remoting in your administrative tasks.

Frequently Asked Questions

How Can I Run Multiple Commands in a Single Remote Session?

PowerShell provides several ways to execute multiple commands in a single remote session. One way is to separate each command using a semicolon (;) within an Enter-PSSession. Alternatively, you can use a script block with the Invoke-Command cmdlet.

Invoke-Command -ComputerName Server01 -ScriptBlock {Command1; Command2; Command3}

How Can I Ensure Remote Access Over HTTPS?

You need a digital public key certificate on the remote computer to establish a PowerShell remoting session over HTTPS. The certificate must be added to the WinRM service’s certificate store. Afterward, you can use the -UseSSL parameter in Enter-PSSession or New-PSSession to make an HTTPS connection.

Why do I see an Error Message when Running Enter-PSSession?

If you encounter an error message when attempting to establish a PowerShell remoting session, there might be a few causes. One of the most common is that the WinRM service, which powers PowerShell remoting, is not running on the remote computer. You can start it with the Enable-PSRemoting command.

What Is the Significance of Session Configuration in PowerShell Remoting?

Session configurations, also known as endpoints, define the environment for PowerShell sessions. They control aspects like language mode, permissions, and visible cmdlets. When starting a remote session with Enter-PSSession, you can specify a session configuration using the -ConfigurationName parameter.

Why Would I Need an Alternate Port Setting for PowerShell Remoting?

In some cases, the default port used by the WinRM service might be blocked by a firewall or used by another service. An alternate port setting can bypass such issues. Specify it with the -Port parameter when using Enter-PSSession or New-PSSession.

How Can I Use PowerShell Remoting with Virtual Machines?

PowerShell remoting works with virtual machines (VMs) the same way it does with physical computers. Ensure the VM has WinRM enabled and that any network or host firewalls allow the necessary connections.

Can I Continue a Disconnected Session in PowerShell Remoting?

You can reconnect to a disconnected session using Enter-PSSession with the -Session parameter, passing the disconnected session object.

$sess = Get-PSSession -InstanceId <instance id> Enter-PSSession -Session $sess

How Can I Enable PowerShell Remoting in Windows Vista?

Use the Enable-PSRemoting cmdlet from a PowerShell console with administrative privileges in Windows Vista and later versions. You might need to adjust Windows Firewall settings to allow the necessary connections.

What have we learned with PSSession?

PowerShell remoting uses commands like Enter-PSSession, New-PSSession, and Invoke-Command to help manage remote computers more effectively. Once you know how to use these commands and fix common problems, you’re on your way to mastering PowerShell remoting. Just make sure to stay safe, by checking user accounts and keeping sensitive data transfers secure.

Other posts you may like

• Windows Server Core 2019 Management Fundamentals
• Access local drives in an RDP session
• Basic Windows Server Automation with Ansible
• Logging off remote desktop kills user processes
• Fix WinRM Negotiate Authentication Error