Before you start
Objectives: Learn how to enable the Windows Remote Management service, and how to use Windows Remote Shell (WinRS) and PowerShell to send commands to remote computers.
Prerequisites: you have to know about remote management tools in general.
Key terms: Windows Remote Shell, WinRM, PowerShell, Remote Management, Windows 7
Windows Remote Management Service Set Up
To be able to manage and maintain computers remotely from the command prompt, the first thing we need to do on each computer is to enable Remote Management. To do that we have to open the command prompt with administrative rights and enter the “winrm qc” command.
winrm qc Command
We have to say “Yes” to the prompt (just enter “y”). This command will set up Windows Remote Management on the computer. Remember that we have to run this command on all computers which will participate in remote management. For this demo, we have done this on our two Windows 7 desktop machines in our LAN. Those computers are not members of an Active Directory domain.
Trust Set Up
Once the Windows Remote Management service is set up, the next thing we have to do is configure trust between our two computers. Keep in mind that because these computers are not in the same Active Directory domain, there’s no Kerberos trust or certificate trust set between them. Because of that we have to manually set up trust between our remote management services. Our first computer is named “WIN-7-VM1”, and our second computer is named “WIN-7-VM2”. So, “WIN-7-VM1” will trust “WIN-7-VM2”, and vice versa. On the “WIN-7-VM1” machine we will enter the following command in an elevated CMD:
winrm set winrm/config/client @{TrustedHosts="WIN-7-VM2"}
Trust Win-7-VM2
On the “WIN-7-VM2” machine we will enter the following command:
winrm set winrm/config/client @{TrustedHosts="WIN-7-VM1"}
Trust Win-7-VM1
In an Active Directory environment we wouldn’t have to worry about this because all the clients have a Kerberos trust.
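The following audit script is an added example, not part of the original walkthrough. It reviews the settings the steps above touch: the TrustedHosts list (the client-side list of hosts we agree to authenticate to without Kerberos or a certificate vouching for them), the unencrypted and Basic authentication switches, and the listeners created by “winrm qc”. The function name Test-TrustedHostsValue is hypothetical; run the script from an elevated PowerShell prompt with the WinRM service running.

```powershell
# Added example: audit the WinRM settings configured in this walkthrough.
# Written to also run on PowerShell 2.0 (the Windows 7 default).

function Test-TrustedHostsValue {
    # Hypothetical helper: classifies each comma-separated TrustedHosts entry.
    # '*' or a wildcard pattern widens the set of hosts that receive our credentials.
    param([string]$Value)
    $entries = @($Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($e in $entries) {
        $risk = if ($e -eq '*') { 'High: any host is trusted' }
                elseif ($e -match '\*') { 'Medium: wildcard pattern' }
                else { 'Explicit host' }
        New-Object PSObject -Property @{ Entry = $e; Assessment = $risk }
    }
}

# 1. TrustedHosts, as set with "winrm set winrm/config/client @{TrustedHosts=...}"
$trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
if ($trusted) {
    Test-TrustedHostsValue $trusted |
        Format-Table Entry, Assessment -AutoSize | Out-String
} else {
    'TrustedHosts is empty'
}

# 2. Settings that would expose credentials or traffic if switched on
$paths = 'WSMan:\localhost\Client\AllowUnencrypted',
         'WSMan:\localhost\Client\Auth\Basic',
         'WSMan:\localhost\Service\AllowUnencrypted',
         'WSMan:\localhost\Service\Auth\Basic'
foreach ($p in $paths) {
    $v = (Get-Item $p).Value
    $state = if ($v -eq 'true') { 'REVIEW' } else { 'ok' }
    '{0,-45} {1,-6} {2}' -f $p, $v, $state
}

# 3. Listeners on this machine ("winrm qc" creates an HTTP listener)
Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
    Format-Table Transport, Port, Address, Enabled -AutoSize | Out-String
```

On the demo machines, the first section should list exactly one explicit host: the other computer's name.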
Using Remote Shell
Now that the trust is set up, we can use the Windows Remote Shell command to run a command remotely on another computer. Let’s try to run a command on the “WIN-7-VM2” computer from the “WIN-7-VM1” computer. To do that we will enter the command
winrs -r:WIN-7-VM2 ipconfig
winrs Sending Commands
So, with this we have actually run the “ipconfig” command on the WIN-7-VM2 machine, and in that way found the IP address of the remote computer. To check the content of the C:\ drive on the remote computer, we would enter:
winrs -r:WIN-7-VM2 dir C:\
So, we can run any command we want on that remote machine.
But, we haven’t specified the user which will be used to run our commands. The thing is, Windows Remote Shell will try to negotiate authentication. If negotiation is not successful, it will prompt us for the credentials. If we want, we can also specify the user under which the command will run using the “-u” parameter, like this:
Command With Specified User
Note that we are prompted for the user's password.
PowerShell
We can also use PowerShell to manage remote computers. To open PowerShell, we simply enter “powershell” in cmd.
Enable PowerShell
In PowerShell we can also enter regular commands, but we can now also use advanced PowerShell features like filtering or piping. Combining those features with remote management makes it even stronger. So, we can run PowerShell commands on a remote machine using the “icm” command (the alias for Invoke-Command). We have to specify the name of the computer, and then a script or a script block. We define a script block by putting it in curly braces. For example, to get the ipconfig information from “WIN-7-VM2”, we would enter
icm WIN-7-VM2 {ipconfig}
Remote Command Using PowerShell
Of course, we can use cmdlets:
Sending cmdlets to Remote Computer
To shut down the remote computer:
icm WIN-7-VM2 {stop-computer -force}
To restart the remote computer:
icm WIN-7-VM2 {restart-computer -force}
So, as we have seen, we can send commands to remote machines. Practically any command we can run locally, we can also send to a remote machine.