Are you trying to run Scripts on Remote Computers?
This guide will help you.
PowerShell helps us to run commands remotely on one or more computers in our network.
The functionality of remote command execution in PowerShell is called PowerShell Remoting (introduced in PowerShell 2.0) and is based on the capabilities of the Web Services for Management protocol (WS-Management).
With PowerShell Remoting, you can run commands on one or several remote computers. You can work with remote computers in an interactive session, or over a temporary or permanent connection.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform PowerShell related queries.
In this context, we shall look into how to run scripts on Remote Computers.
The Invoke-Command cmdlet uses remote management features from PowerShell Remoting.
PowerShell Remoting allows connecting remotely to PowerShell sessions on computers via WinRM service and WS-Management protocol.
Here, our Support Experts will show you how to use the Invoke-Command cmdlet to run PowerShell commands remotely.
PowerShell Remoting uses HTTP or HTTPS to communicate between computers.
To begin, the remote computer we are going to connect to must be running WinRM.
To check the WinRM service status, we run:
Get-Service -Name "*WinRM*" | fl
If the service is not running, we start it:
Enable-PSRemoting
WinRM has been updated to receive requests.
WinRM service started.
WinRM is already set up for remote management on this computer.
This command starts the WinRM service, sets the default WinRM settings, and adds exception rules to Windows Firewall.
Then we can connect to the computer remotely using PowerShell Remoting.
However, if the network type is Public, the command returns the following error:
Set-WSManQuickConfig : … WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again.
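In such a case, we change the network location to Private or use the command:
Enable-PSRemoting -SkipNetworkProfileCheck
Also, enable the Windows Defender Firewall rule that allows access to WinRM in public networks:
Set-NetFirewallRule -Name 'WINRM-HTTP-In-TCP' -RemoteAddress Any
With -RemoteAddress Any the rule accepts WinRM connections from any source address; to limit exposure, give a specific management subnet or address list instead of Any.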
In order to test the connection to a remote computer via PowerShell Remoting, we run:
Test-WsMan compname1
If we do not have an Active Directory domain, we use the NTLM protocol for authentication.
When using NTLM, if we try to run Invoke-Command we may come across the error:
PS C:\> Invoke-Command -ComputerName 192.168.1.201 -ScriptBlock {get-services}
[192.168.1.201] Connecting to remote server 192.168.1.102 failed with the following error message: The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. + FullyQualifiedErrorId: CannotUseIPAddress,PSSessionStateBroken
For NTLM authentication to work when connecting to such a computer, we need to either issue an SSL certificate (and connect over HTTPS) or add the hostname/IP address to the trusted hosts list:
Set-Item wsman:\localhost\Client\TrustedHosts -value 192.168.1.201
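Or we can allow connections to all computers. As the error message above notes, computers in the TrustedHosts list might not be authenticated, so the wildcard applies that to every destination: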
Set-Item wsman:\localhost\Client\TrustedHosts -value *
We must apply the same settings to remote hosts.
To display the list of trusted hosts, we run:
Get-Item WSMan:\localhost\Client\TrustedHosts
Finally, to apply the changes, restart WinRM:
Restart-Service WinRM
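The following is an added example, not code from the original article: it classifies the entries of a TrustedHosts value so that a wildcard stands out, and shows the scoped alternative to -Value *. The helper name Test-TrustedHostsValue, the risk labels and the sample strings are assumptions made for illustration.

```powershell
# Added example. Test-TrustedHostsValue is a hypothetical helper name, not a built-in cmdlet.
# It classifies each comma-separated entry of a WinRM client TrustedHosts string.
function Test-TrustedHostsValue {
    param([string]$Value)

    $entries = $Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($entry in $entries) {
        $ip = $null
        if ($entry -eq '*') {
            $risk = 'High'
            $note = 'Matches every destination; the remote computer might not be authenticated'
        }
        elseif ($entry.Contains('*')) {
            $risk = 'Medium'
            $note = 'Pattern matches a whole group of names'
        }
        elseif ([System.Net.IPAddress]::TryParse($entry, [ref]$ip)) {
            $risk = 'Low'
            $note = 'Single IP address; trust rests on the address alone'
        }
        else {
            $risk = 'Low'
            $note = 'Single named host'
        }
        # Risk labels are this example's own scale, not a WinRM setting.
        [pscustomobject]@{ Entry = $entry; Risk = $risk; Note = $note }
    }
}

# Constructed sample values, not read from a real system.
$samples = '*', '192.168.1.201', '*.lab.example, srv01.lab.example'
$samples | ForEach-Object { Test-TrustedHostsValue -Value $_ } | Format-Table -AutoSize

# Live check on a Windows client (elevated session):
#   Test-TrustedHostsValue (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
# Scoped alternative to "-Value *": append one host and keep the existing entries.
#   Set-Item WSMan:\localhost\Client\TrustedHosts -Value '192.168.1.201' -Concatenate -Force
```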
We can also enable and configure WinRM using Group Policies.
The Invoke-Command cmdlet allows us to run a command on more than one remote computer.
For example, to run a single command on a remote computer, use:
Invoke-Command -ComputerName dc01 -ScriptBlock {$PSVersionTable.PSVersion}
This command will display the PowerShell version on the remote computer.
Enter the command to be run on a remote computer in the -ScriptBlock {[cmdlet]} block.
By default, a command sent via Invoke-Command executes as the current user on a remote computer. To run it as another user, request the user credentials and save them to a variable:
$cred = Get-Credential
Invoke-Command -ComputerName dc01 -Credential $cred -ScriptBlock {Get-NetAdapter}
This displays the list of network interfaces on a remote computer.
We can enter more than one command in the ScriptBlock.
For example, the following command displays the current time zone and changes it to another one:
Invoke-Command -ComputerName dc01 -ScriptBlock {Get-TimeZone | select DisplayName; Set-TimeZone -Name "Central Europe Standard Time"}
Invoke-Command can run not only individual commands, but also PowerShell scripts.
To do this, use the -FilePath argument instead of -ScriptBlock.
In this case, we specify the path to the local PS1 script file on the computer:
Invoke-Command -ComputerName DC01 -FilePath C:\PS\Scripts\CheckSMBversion.ps1
We can use the Invoke-Command to run commands on multiple remote computers simultaneously.
In the simplest case, list the names of the computers to run the PowerShell commands on, separated by commas:
Invoke-Command server1, server2, server3 -ScriptBlock {get-date}
We can place the list of computers into a variable:
$servers = @("server1","server2","server3")
Invoke-Command -ScriptBlock { get-date} -ComputerName $servers
Or get from a text file:
Invoke-Command -ScriptBlock {Restart-Service spooler} -ComputerName (Get-Content c:\ps\servers.txt)
In addition, we can get a list of computers in AD using the Get-ADComputer cmdlet from the Active Directory PowerShell module.
To run a command in all Windows Server hosts in the domain, use the following PowerShell code:
$computers = (Get-ADComputer -Filter 'OperatingSystem -like "*Windows server*" -and Enabled -eq "true"').Name
Invoke-Command -ComputerName $computers -ScriptBlock {Get-Date} -ErrorAction SilentlyContinue
If a computer is off or unavailable, the script will not stop, because -ErrorAction SilentlyContinue suppresses the error, and it will continue to run on the other computers.
To see which computer each result came from, use the PSComputerName property of the returned objects:
$results = Invoke-Command server1, server2, server3 -ScriptBlock {get-date}
$results | Select-Object PSComputerName, DateTime
Invoke-Command runs the command on multiple computers simultaneously.
There is a limit on the maximum number of computers handled at the same time (the default value is 32).
If we want to run a command on more than 32 computers at once (128, for example), we can use -ThrottleLimit 128.
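Because -ErrorAction SilentlyContinue hides the hosts that never answered, the added example below (not from the original article) compares the targeted names with the PSComputerName values that came back. Get-RemotingCoverage is a hypothetical helper name, the server names are the article's placeholders, and the result objects are constructed so the block runs without a network.

```powershell
# Added example. Get-RemotingCoverage is a hypothetical helper name.
# It compares the hosts that were targeted with the hosts that returned output.
# Assumption: the script block emits at least one object per host (Get-Date does).
function Get-RemotingCoverage {
    param(
        [Parameter(Mandatory)][string[]]$Target,   # names passed to -ComputerName
        [object[]]$Result = @(),                   # objects returned by Invoke-Command
        [object[]]$RemotingError = @()             # records captured with -ErrorVariable
    )
    $answered = @($Result | ForEach-Object { $_.PSComputerName } | Sort-Object -Unique)
    [pscustomobject]@{
        Answered = $answered
        Missing  = @($Target | Where-Object { $_ -notin $answered })
        Errors   = @($RemotingError | ForEach-Object { "$_" })
    }
}

# Live use with the article's placeholder names:
#   $servers = 'server1', 'server2', 'server3'
#   $results = Invoke-Command -ComputerName $servers -ScriptBlock { Get-Date } `
#                -ErrorAction SilentlyContinue -ErrorVariable remotingErrors
#   Get-RemotingCoverage -Target $servers -Result $results -RemotingError $remotingErrors

# Offline run on constructed data in which server2 did not answer.
$servers = 'server1', 'server2', 'server3'
$results = 'server1', 'server3' | ForEach-Object {
    [pscustomobject]@{ PSComputerName = $_; DateTime = 'constructed value' }
}
$coverage = Get-RemotingCoverage -Target $servers -Result $results
"Answered: $($coverage.Answered -join ', ')"
"Missing : $($coverage.Missing -join ', ')"
```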
This article covers how to Run Scripts on Remote Computers. You can run commands on one or hundreds of computers with a single PowerShell command. Windows PowerShell supports remote computing by using various technologies, including WMI, RPC, and WS-Management.
PowerShell Core supports WMI, WS-Management, and SSH remoting. In PowerShell 6, RPC is no longer supported. In PowerShell 7 and above, RPC is supported only in Windows.
Windows PowerShell Remoting
Using the WS-Management protocol, Windows PowerShell remoting lets you run any Windows PowerShell command on one or more remote computers.
You can establish persistent connections, start interactive sessions, and run scripts on remote computers.
To use Windows PowerShell remoting, the remote computer must be configured for remote management.
Once you have configured Windows PowerShell remoting, many remoting strategies are available to you.
How to Start an Interactive Session?
To start an interactive session with a single remote computer, use the Enter-PSSession cmdlet.
For example, to start an interactive session with the Server01 remote computer, type:
Enter-PSSession Server01
The command prompt changes to display the name of the remote computer.
Any commands that you type at the prompt run on the remote computer and the results are displayed on the local computer.
To end the interactive session, type:
Exit-PSSession