Posts
Remote
Control: One to One, and One to Many. This chapter is all about the remote
functions of PowerShell and how to use them.
Don mentions
something in the first part of this chapter that I noticed when I started with
the help files in chapter 3. I got really excited when I saw the -computername
parameter in the help file for Get-Service but didn’t really see to many in
some of the other commands. This was strange to me because I know that
PowerShell has a very powerful remoteing capability from everything that I have
read.
So how does
it work? In a nutshell you are pushing the commands out across the network and
they are running on the remote machines and sending the information back to
your console. PowerShell is using a specific service call WinRM. Now the really
cool part about this is that all of PowerShells remote traffic is carried over
HTTP and HTTPS protocols, and all of the return PowerShell objects are being
converted to xml.
Configuring
WinRM for PowerShell is a fairly straightforward process and must be done on
every machine that you want to run remote commands on. If you only have a few
to do or are in a workgroup then you can just call the Enable-PSRemoting
cmdlet. Basically what this command does is start the WinRm Service and its startup
type to auto, sets up PowerShell as a user of WinRM, and will even set a
firewall rule allowing winrm traffic. Now if you are on a domain you can make
this super easy and just use a Group Policy Object template, or if your servers
are 2008 r2 then the settings are built right in. They are located in: Computer
Configuration/Administrative Templates/Windows Components/Remote Shell and
Windows Remote Management.
To start a
one-to-one connection in PowerShell use the Enter-PSSession cmdlet (I bet you
didn’t know to close it you would use the inverse, Exit command: ) then you
just specify the -computername parameter and away you go. Easy right. One of
the best parts is it passes your local account for authentication and you will
wind up with the same permissions on the remote computer (if your running as
admin locally it will run your shell as admin on the remote system).
If you want
to use one-to-many remoting then the next section is for you. As Don puts it in
the book, this is full scale distributed computing. The cmdlet that does this
is Invoke-Command. You can specify the remote computers with the computername
parameter.
Examples: Invoke-Command
-Computername wkstn1,wkstn2,server1,server2,server3 -command (get-service)
Invoke-Command -Computer (get-content
c:\list.txt) -command {get-eventlog -newest 100) | {where -property entrytype - eq error}}
The really
cool part about this last command is that the remote computers are processing
all of the information, all at the exact same time, and your admin workstation
is receiving all the info. Nothing more than collections is being done on your
local machine. How cool is that. I cant wait to test this on a domain : )
There is so
much more to cover that I am going to have to write a second post when I
actually get a chance to implement and test the remote capabilities. Ill report
back but until then have a great day.
No comments:
Post a Comment