Enter-PSsession: Run PowerShell Remote Commands

Windows PowerShell has switched up the Windows Server game. Think of PowerShell remoting like a remote control, reaching out to run commands on a distant computer. At the center of this sits Enter-PSSession, a key player that sets up a two-way conversation with a remote system. It’s like having a direct line to remote management. Let’s dig deeper into Enter-PSSession and its handy uses.
Table of contents
- What is Enter-PSSession?
- Taking Advantage of New-PSSession
- Making the Most of Invoke-Command
- Configuring PowerShell Remoting and Session Configurations
- Ensuring Security in PowerShell Remoting
- Configuring the WinRM Service and Permissions
- Enter-PSSession: Domain vs. Non-domain Joined
- Troubleshooting Common Errors
- Disconnecting and Ending Sessions
- Basic Enter-PSSession Commands
- Frequently Asked Questions
- How Can I Run Multiple Commands in a Single Remote Session?
- Why do I see an Error Message when Running Enter-PSSession?
- What Is the Significance of Session Configuration in PowerShell Remoting?
- Why Would I Need an Alternate Port Setting for PowerShell Remoting?
- How Can I Use PowerShell Remoting with Virtual Machines?
- Can I Continue a Disconnected Session in PowerShell Remoting?
- What have we learned with PSSession?
- Other posts you may like
What is Enter-PSSession?
Enter-PSSession is a cmdlet that initiates a live interactive session with a single remote system. It employs the Windows Remote Management (WinRM) service to establish a connection with the targeted remote computer.
In a typical use case, a system administrator might leverage their user account to execute multiple commands on a distant Windows Server, irrespective of the geographical location, using Enter-PSSession.
To run the command at the PS C prompt:
Enter-PSSession
As you can see below, it will prompt you for the computer name you want to connect to for remote PowerShell commands.
Starting a new pssession
To start a session, you would typically use the Enter-PSSession ComputerName command, where ComputerName is the name or IP address of the remote server. The command prompt changes upon successful connection, reflecting the remote computer’s name.
Enter-PSSession mycomputer.domain.com
If the command fails and an error message displays, ensure that the WinRM service runs on the local and remote computers and that the Windows Firewall allows the connection request. You can ensure the WinRM service is enabled by running the Enable-PSRemoting command in the PowerShell console.
Enabling PowerShell remote management.
Taking Advantage of New-PSSession
New-PSSession is another vital cmdlet you will often use in conjunction with Enter-PSSession. It creates one or more PowerShell sessions (PSSessions) on a local or remote computer. With the New-PSSession command, you can establish persistent connections, allowing for multiple commands to be executed in the session.
For instance, a user might create a session object on a remote server with New-PSSession, perform various tasks during the interactive session, then exit with Exit-PSSession, preserving the session for subsequent use. The New-PSSession command allows you to manage multiple remote computers simultaneously, an excellent capability for remote management tasks.
Making the Most of Invoke-Command
While Enter-PSSession is perfect for one-off interactive sessions, the Invoke-Command cmdlet is the go-to for running commands on multiple remote computers. It allows you to run a command or script on a local or remote computer. Invoke-Command will be your best friend if you need to execute the same set of commands on several remote servers.
Invoke-Command
Configuring PowerShell Remoting and Session Configurations
PowerShell remoting leans on the WinRM service, which uses the WS-Management protocol. Usually, this service is tuned into port 5985 for HTTP connections and port 5986 for HTTPS ones. If you need to use a different port, you can change the Port parameter in your commands.
Session configuration is another critical aspect to consider. A session configuration is a group of settings defining the PowerShell sessions’ environment. This includes which user accounts can connect, which commands they can run, and various other preferences.
Ensuring Security in PowerShell Remoting
PowerShell remoting is secure. It uses the WinRM service, which itself relies on the Secure Sockets Layer (SSL) for an HTTPS connection. The WinRM service encrypts all PowerShell remoting traffic. But what if your remote server only supports an HTTP connection? In that case, you can use a digital public key certificate to encrypt credentials and any other important data.
If you’re managing remote machines, remember you’re responsible for remote access. Ensure your user account has the right privileges to execute commands on the remote server.
Configuring the WinRM Service and Permissions
WinRM service is key to PowerShell remoting. Before you start remote sessions with Enter-PSSession, you need to make sure that the WinRM service is set up correctly and that the remote computer has the right permissions.
Enabling the WinRM Service
The first step to configure the WinRM service is to enable it. On the remote computer, open the PowerShell console as an administrator and run the following command:
Enable-PSRemoting -Force
This command starts the WinRM service and sets it to start automatically with the system. It also configures the Windows Firewall to allow the necessary connections.
Setting up HTTPS Transport
For secure remote sessions with HTTPS, you need to get the WinRM service ready for secure connections. This means installing a server authentication certificate on the remote computer. With the certificate set, you then run the following command:
winrm quickconfig -transport:https
This command configures WinRM to use the HTTPS transport and sets the default port to 5986.
Setting up WinRM Permissions
To grant a user account permission to access a remote computer through PowerShell remoting, you need to add the user to the remote computer’s local Remote Management Users group. Open a command prompt on the remote computer as an administrator and run the following command, replacing <username> with the name of the user account:
net localgroup "Remote Management Users" /add <username>
Adjusting Session Configurations
Session configurations define the environment for a PowerShell session. To change the session configuration, you can use the Set-PSSessionConfiguration cmdlet. For example, the following command allows up to 100 concurrent connections from a single user:
Set-PSSessionConfiguration -Name Microsoft.PowerShell -MaximumReceivedDataSizePerCommandMB 100
By correctly configuring the WinRM service and permissions, you can ensure that your PowerShell remoting sessions function as expected. Remember, always carefully manage these settings to avoid potential security risks.
Enter-PSSession: Domain vs. Non-domain Joined
When working with PowerShell remoting, the context of your environment plays a crucial role in your operations. Specifically, whether your computers are domain-joined or non-domain-joined can significantly influence your usage of Enter-PSSession.
Domain-Joined Computers
In a domain environment, where the remote server and the local computer belong to the same Active Directory (AD) domain or trusting domains, setting up PowerShell remoting with Enter-PSSession is relatively straightforward. The cmdlet leverages the security infrastructure of the domain, allowing for secure credential passing and easier management.
You initiate an interactive session with a domain-joined remote computer using the Enter-PSSession ComputerName command, where ComputerName is the remote server’s fully qualified domain name (FQDN). A successful connection request leads to an interactive session, allowing the execution of multiple commands on the remote system.
If you’re working with multiple domain-joined computers, you can execute the same command across all machines simultaneously with Invoke-Command.
Non-Domain Joined Computers
Managing non-domain joined (workgroup) computers presents a different set of challenges. Without the domain infrastructure, the Enter-PSSession command might encounter authentication issues since the credential parameter doesn’t have a common authority for verification.
To establish a PowerShell remoting session with a non-domain joined computer, the WinRM service on the remote machine should be configured to allow connections from a user account on the local machine. This configuration is done by adding the local machine’s user account to the remote computer’s list of trusted hosts.
This process can involve editing the WinRM service’s settings directly or adjusting the Windows Firewall to allow the necessary traffic. Once completed, you can start an interactive session using the Enter-PSSession cmdlet, just like with a domain-joined computer.
Troubleshooting Common Errors
You might encounter an error message or two during your journey with PowerShell remoting. The error could be anything from a network port issue to the WinRM service not being enabled. Understanding these common errors and how to troubleshoot them is vital for any PowerShell user.
One common issue is the following error message: The WinRM client cannot process the request when running Enter-PSSession. This error usually means the remote computer is not set up for PowerShell remoting. Running Enable-PSRemoting in PowerShell as an administrator on the remote computer often resolves the issue.
Disconnecting and Ending Sessions
After establishing an interactive session with Enter-PSSession, you may want to disconnect instead of terminating the session, especially if you plan to reenter the session later. The Disconnect-PSSession cmdlet allows you to do this. When you’re ready to reestablish the connection, use Connect-PSSession.
To end a session, use the Exit-PSSession cmdlet. This terminates the interactive session and returns you to the local PowerShell session.
Basic Enter-PSSession Commands
Learning the basics of Enter-PSSession is the first step toward effective PowerShell remoting. Here are some fundamental commands you can use:
Starting a Session
To start an interactive session with a remote computer, you use the Enter-PSSession cmdlet followed by the -ComputerName parameter and the name of the computer you want to connect to.
Enter-PSSession -ComputerName Server01
Using a Different Port
If you’re connecting to a remote computer through an alternate port setting, specify the port number using the -Port parameter.
Enter-PSSession -ComputerName Server01 -Port 5986
Connecting Using Credentials
The- Credential parameter allows you to specify a username if you need to connect to a remote computer using a different user account.
$cred = Get-Credential Enter-PSSession -ComputerName Server01 -Credential $cred
The Get-Credential cmdlet prompts you for the username and password.
Connecting Using a Session
Instead of connecting to a remote computer directly, you can connect to a session on the remote computer using the -Session parameter.
$sess = New-PSSession -ComputerName Server01 Enter-PSSession -Session $sess
Exiting a Session
When you’re done with your tasks on the remote computer, you can use the Exit-PSSession cmdlet to terminate the session.
Exit-PSSession
Running Commands
Once inside an Enter-PSSession interactive session, you can execute any PowerShell command as if you’re on the remote computer. For instance:
Get-Process
The command above retrieves the list of running processes on the remote computer.
By familiarizing yourself with these basic Enter-PSSession commands, you’re well on your way to leveraging the power of PowerShell remoting in your administrative tasks.
Frequently Asked Questions
How Can I Run Multiple Commands in a Single Remote Session?
PowerShell provides several ways to execute multiple commands in a single remote session. One way is to separate each command using a semicolon (;) within an Enter-PSSession. Alternatively, you can use a script block with the Invoke-Command cmdlet.
Invoke-Command -ComputerName Server01 -ScriptBlock {Command1; Command2; Command3}
How Can I Ensure Remote Access Over HTTPS?
You need a digital public key certificate on the remote computer to establish a PowerShell remoting session over HTTPS. The certificate must be added to the WinRM service’s certificate store. Afterward, you can use the -UseSSL parameter in Enter-PSSession or New-PSSession to make an HTTPS connection.
Why do I see an Error Message when Running Enter-PSSession?
If you encounter an error message when attempting to establish a PowerShell remoting session, there might be a few causes. One of the most common is that the WinRM service, which powers PowerShell remoting, is not running on the remote computer. You can start it with the Enable-PSRemoting command.
What Is the Significance of Session Configuration in PowerShell Remoting?
Session configurations, also known as endpoints, define the environment for PowerShell sessions. They control aspects like language mode, permissions, and visible cmdlets. When starting a remote session with Enter-PSSession, you can specify a session configuration using the -ConfigurationName parameter.
Why Would I Need an Alternate Port Setting for PowerShell Remoting?
In some cases, the default port used by the WinRM service might be blocked by a firewall or used by another service. An alternate port setting can bypass such issues. Specify it with the -Port parameter when using Enter-PSSession or New-PSSession.
How Can I Use PowerShell Remoting with Virtual Machines?
PowerShell remoting works with virtual machines (VMs) the same way it does with physical computers. Ensure the VM has WinRM enabled and that any network or host firewalls allow the necessary connections.
Can I Continue a Disconnected Session in PowerShell Remoting?
You can reconnect to a disconnected session using Enter-PSSession with the -Session parameter, passing the disconnected session object.
$sess = Get-PSSession -InstanceId <instance id> Enter-PSSession -Session $sess
How Can I Enable PowerShell Remoting in Windows Vista?
Use the Enable-PSRemoting cmdlet from a PowerShell console with administrative privileges in Windows Vista and later versions. You might need to adjust Windows Firewall settings to allow the necessary connections.
What have we learned with PSSession?
PowerShell remoting uses commands like Enter-PSSession, New-PSSession, and Invoke-Command to help manage remote computers more effectively. Once you know how to use these commands and fix common problems, you’re on your way to mastering PowerShell remoting. Just make sure to stay safe, by checking user accounts and keeping sensitive data transfers secure.