Using WinRS and PowerShell for Remote Management in Windows 7

Before you start

Objectives: Learn how to enable the Remote Management service, and how to use Windows Remote Shell (WinRS) and PowerShell to send commands to remote computers.

Prerequisites: you have to know about remote management tools in general.

Key terms: Windows Remote Shell, WinRM, PowerShell, Remote Management, Windows 7

Windows Remote Management Service Set Up

To be able to manage and maintain computers remotely from the command prompt, the first thing we need to do on each computer is to enable Remote Management. To do that we have to open the command prompt with administrative rights and enter the “winrm qc” command.

winrm qc

We have to say “Yes” to the prompt (just enter “y”). This command will set up Windows Remote Management on the computer. Remember that we have to run this command on all computers which will participate in remote management. For this demo, we have done this on our two Windows 7 desktop machines in our LAN. Those computers are not members of an Active Directory domain.

Trust Set Up

Once the Windows Remote Management service is set up, the next thing we have to do is configure trust between our two computers. Keep in mind that because these computers are not in the same Active Directory domain, there is no Kerberos trust or certificate trust set up between them. Because of that, we have to set up trust between our remote management services manually. Our first computer is named “WIN-7-VM1”, and our second computer is named “WIN-7-VM2”. So, “WIN-7-VM1” will trust “WIN-7-VM2”, and vice versa. On the “WIN-7-VM1” machine we will enter the following command in an elevated CMD:

winrm set winrm/config/client @{TrustedHosts="WIN-7-VM2"}

On the “WIN-7-VM2” machine we will enter the following command:

winrm set winrm/config/client @{TrustedHosts="WIN-7-VM1"}

In an Active Directory environment we wouldn’t have to worry about this because all the clients have a Kerberos trust.

Using Remote Shell

Now that the trust is set up, we can use the Windows Remote Shell command to run a command remotely on another computer. Let’s try to run a command on the “WIN-7-VM2” computer from the “WIN-7-VM1” computer. To do that we will enter the command

winrs -r:WIN-7-VM2 ipconfig

So, with this we have actually run the “ipconfig” command on the WIN-7-VM2 machine, and in that way found the IP address of the remote computer. To check the content of the C:\ drive on the remote computer, we would enter:

winrs -r:WIN-7-VM2 dir C:\

So, we can run any command we want on that remote machine.

But we haven’t specified the user which will be used to run our commands. The thing is, Windows Remote Shell will try to negotiate authentication. If negotiation is not successful, it will prompt us for the credentials. If we want, we can also specify the user under which the command will run using the “-u” parameter, like this:

[Screenshot: Command With Specified User]

Note that we are prompted for the user’s password.


We can also use PowerShell to manage remote computers. To open PowerShell, we simply enter “powershell” in cmd.

In PowerShell we can also enter regular commands, but we can now also use advanced PowerShell features like filtering or piping. Combining those features with remote management makes it even stronger. So, we can run PowerShell commands on a remote machine using the “icm” command (an alias for Invoke-Command). We have to specify the name of the computer, and then a script or a script block. We can define a script block by putting it in curly braces. For example, to get the ipconfig information from “WIN-7-VM2”, we would enter

icm WIN-7-VM2 {ipconfig}

Of course, we can use cmdlets:

[Screenshot: Sending cmdlets to Remote Computer (Get-Host)]

To shut down the remote computer:

icm WIN-7-VM2 {stop-computer -force}

To restart the remote computer:

icm WIN-7-VM2 {restart-computer -force}

So, as we have seen, we can send commands to remote machines. Practically any command we can run locally, we can also send to a remote machine.
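The trust set-up and the explicit-user step from above, done from PowerShell, as an added example that is not part of the original article. The "winrm set" command replaces the whole TrustedHosts value, and hosts on that list are not authenticated by the client, so this sketch appends single named hosts, refuses the "*" wildcard, and passes credentials through a prompt. The function names Merge-TrustedHosts and Add-TrustedHost are hypothetical; the host names are the article's lab machines.

```powershell
# Added example (not from the article). Function names are hypothetical.
# Run in an elevated PowerShell prompt; the WSMan: drive needs administrative rights.

function Merge-TrustedHosts {
    # Pure helper: merge new names into an existing comma-separated TrustedHosts value.
    param([string]$Current, [string[]]$Add)
    $all = (@($Current -split ',') + @($Add)) |
        ForEach-Object { "$_".Trim() } |
        Where-Object { $_ -ne '' }
    if ($all -contains '*') {
        # A wildcard entry means credentials may be sent to any host that answers.
        throw "TrustedHosts must list explicit hosts; '*' is refused."
    }
    # Case-insensitive de-duplication that keeps the original order.
    $seen = @{}
    $unique = foreach ($name in $all) {
        $key = $name.ToLower()
        if (-not $seen.ContainsKey($key)) { $seen[$key] = $true; $name }
    }
    return ($unique -join ',')
}

function Add-TrustedHost {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)
    $path    = 'WSMan:\localhost\Client\TrustedHosts'
    $current = (Get-Item $path).Value
    $merged  = Merge-TrustedHosts -Current $current -Add $ComputerName
    # -Force suppresses the confirmation prompt; existing entries are preserved.
    Set-Item $path -Value $merged -Force
    (Get-Item $path).Value   # return the resulting list so it can be reviewed
}

# On WIN-7-VM1 (lab host names from the article):
Add-TrustedHost -ComputerName 'WIN-7-VM2'
Test-WSMan -ComputerName 'WIN-7-VM2'    # confirm the remote WinRM listener answers
$cred = Get-Credential                  # prompt for the account; no password on the command line
Invoke-Command -ComputerName 'WIN-7-VM2' -Credential $cred -ScriptBlock { ipconfig }
```

Reviewing the value returned by Add-TrustedHost on each machine is a quick way to confirm that only the intended peers are listed.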