PowerShell: Remoting across HomeGroup machines

I’m a bit surprised I haven’t covered this before: I have no domain at home, but we are all part of the same HomeGroup. So with a little change from actions I take at work to remotely enable PowerShell, I can achieve it at home as well.

As a rule of thumb for these examples, when doing the admin actions to set these things up, always start the PowerShell session in administrator mode.

1. Make sure WinRM is running (apply these actions generally to all machines in the HomeGroup for simplicity, even though in some contexts we want to be the local machine, and in others the remote machine):

winrm quickconfig

It’s running, fine – just confirm how that looks in Services:

Get-Service WinRM

2. Enable PowerShell remoting (with Force option to override the interaction)

Enable-PSRemoting -Force

3. Add the remote computer to the list of trusted hosts for the local computer in WinRM:

winrm s winrm/config/client '@{TrustedHosts="The Remote PC"}'

4. Now try to connect to the remote PC

New-PSSession -ComputerName Remote-PC -Credential (Get-Credential)

5. Do something on the remote PC

A trivial example just to prove that we are doing stuff on the remote machine – the file in the screenshot below, datagen.txt for example, I know to exist only on the remote computer, not the local one:

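function Do-It() {
    [CmdletBinding()]
    Param()

    # Open a session to the remote machine
    $session = New-PSSession -ComputerName Remote-PC
    try {
        Invoke-Command -Session $session -ScriptBlock {
            # Carry the caller's -Verbose setting into the remote session
            $VerbosePreference = $using:VerbosePreference
            Write-Verbose "Test"
            # List .txt files in the root of the remote C: drive
            Get-ChildItem -Path c:\ -Filter *.txt
        }
    }
    finally {
        # Close the session so it does not linger on the remote machine
        Remove-PSSession -Session $session
    }
}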

[Screenshots: PSRemoting11, PSRemoting12]
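Steps 3 to 5 as one script, an added example that is not part of the original post. The winrm command in step 3 replaces the whole TrustedHosts list, and a TrustedHosts entry makes the client accept that host without mutual authentication, so this version appends one explicit name and refuses wildcards. Add-WinRMTrustedHost is a hypothetical helper name; Remote-PC is the placeholder used above.

```powershell
# Added example: Add-WinRMTrustedHost is a hypothetical helper, not a built-in cmdlet.
# Run in an elevated session, as for the steps above.
function Add-WinRMTrustedHost {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $ComputerName)

    # One explicit name only: a wildcard or list would trust more than intended.
    if ($ComputerName -match '[*,\s]') {
        throw "Refusing '$ComputerName': give one host name, no wildcards or lists."
    }

    $path = 'WSMan:\localhost\Client\TrustedHosts'
    $current = @((Get-Item $path).Value -split ',' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })

    if ($current -contains '*') {
        Write-Warning "TrustedHosts is '*': every host is already trusted. Consider narrowing it."
    }
    if ($current -notcontains $ComputerName) {
        # -Concatenate appends to the list instead of overwriting it.
        Set-Item $path -Value $ComputerName -Concatenate -Force
    }
    (Get-Item $path).Value   # return the resulting list for review
}

$remote = 'Remote-PC'        # placeholder name from the steps above
Add-WinRMTrustedHost -ComputerName $remote

$cred = Get-Credential       # prompt once, reuse for the session
$session = New-PSSession -ComputerName $remote -Credential $cred -ErrorAction Stop
try {
    # Prove the command runs remotely: returns the remote machine's name.
    Invoke-Command -Session $session -ScriptBlock { $env:COMPUTERNAME }
}
finally {
    Remove-PSSession -Session $session
}
```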

Azure: PowerShell remoting

(What I actually wanted to do, namely probe my Azure servers for security holes, will have to wait until another day, reminder to self. This (failing to get to that point) is because I understood starting, stopping, etc. Azure VMs via PowerShell, so I assumed that PowerShell remoting would be trivial. Well it is, arguably, but you still need to know the commands, and get your self-signed certificates in place, etc.)

There were a few points of frustration, and an irritation that I have burned 2 hours getting to this point, but it’s worth recording.

This was the main pain, and I wasted time thinking that about_remote_troubleshooting help would actually contain some relevant information:

[Screenshot: UnknownCertAuth02]

Thank you to this person, as all the answers are there, including the obvious one of plugging the HTTPS-qualified URL into, say, Chrome, saving the certificate, and importing it into your local trusted root CA store.

https://blogs.endjin.com/2014/03/a-step-by-step-guide-to-connecting-to-an-azure-virtual-machine-with-powershell-remoting/

This person was also helpful – thanks:

http://michaelwasham.com/windows-azure-powershell-reference-guide/introduction-remote-powershell-with-windows-azure/

https://gallery.technet.microsoft.com/scriptcenter/Configures-Secure-Remote-b137f2fe

Ref the latter, of course when you download the reference PowerShell script, no amount of telling PS that the file is OK seems to work (including Unblocking on the OS), so I copied the content and then it was fine. As I can’t download scripts, but can text, this is the content – all credit to the author, who is not me, to be clear:

<#
.SYNOPSIS

Downloads and installs the certificate created or initially uploaded during creation of a Windows based Windows Azure Virtual Machine.

.DESCRIPTION

Downloads and installs the certificate created or initially uploaded during creation of a Windows based Windows Azure Virtual Machine.
Running this script installs the downloaded certificate into your local machine certificate store (why it requires PowerShell to run elevated).
This allows you to connect to remote machines without disabling SSL checks and increasing your security.

.PARAMETER SubscriptionName

The name of the subscription stored in WA PowerShell to use. Use quotes around subscription names with spaces.
Download and configure the Windows Azure PowerShell cmdlets first and use Get-AzureSubscription | Select SubscriptionName to identify the name.

.PARAMETER ServiceName

The name of the cloud service the virtual machine is deployed in.

.PARAMETER Name

The name of the virtual machine to install the certificate for.

.EXAMPLE

.\InstallWinRMCertAzureVM.ps1 -SubscriptionName "my subscription" -ServiceName "mycloudservice" -Name "myvm1"

#>

param([string] $SubscriptionName, [string] $ServiceName, [string] $Name)

Function IsAdmin
{
    $IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()`
        ).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")

    return $IsAdmin
}

Function InstallWinRMCertificateForVM()
{
    param([string] $CloudServiceName, [string] $Name)
    if((IsAdmin) -eq $false)
    {
        Write-Error "Must run PowerShell elevated to install WinRM certificates."
        return
    }

    Write-Host "Installing WinRM Certificate for remote access: $CloudServiceName $Name"
    $WinRMCert = (Get-AzureVM -ServiceName $CloudServiceName -Name $Name | select -ExpandProperty vm).DefaultWinRMCertificateThumbprint
    $AzureX509cert = Get-AzureCertificate -ServiceName $CloudServiceName -Thumbprint $WinRMCert -ThumbprintAlgorithm sha1

    $certTempFile = [IO.Path]::GetTempFileName()
    $AzureX509cert.Data | Out-File $certTempFile

    # Target The Cert That Needs To Be Imported
    $CertToImport = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certTempFile

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "LocalMachine"
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    $store.Add($CertToImport)
    $store.Close()

    Remove-Item $certTempFile
}

Select-AzureSubscription $SubscriptionName
InstallWinRMCertificateForVM -CloudServiceName $ServiceName -Name $Name
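For the manual route mentioned above (saving the certificate from the browser and importing it by hand), this added example, which is not from the original post or from the script's author, checks the saved file against the thumbprint Azure reports before it goes into the machine's Root store, since anything in that store is trusted for far more than WinRM. Import-PinnedWinRMCertificate and the .cer file name are hypothetical.

```powershell
# Added example: Import-PinnedWinRMCertificate is a hypothetical helper name.
# Must run elevated, because it writes to the LocalMachine Root store.
function Import-PinnedWinRMCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,               # .cer file saved from the browser
        [Parameter(Mandatory)] [string] $ExpectedThumbprint  # thumbprint Azure reports for the VM
    )

    # .NET resolves relative paths against the process directory, so make it absolute.
    $fullPath = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $fullPath

    # Copied thumbprints often carry spaces or lower-case hex; normalise first.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected. Not importing."
    }

    # Do not add a certificate that is expired or not yet valid.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # Already trusted: return the existing entry instead of importing again.
    $storePath = "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
    if (Test-Path $storePath) { return Get-Item $storePath }

    Import-Certificate -FilePath $fullPath -CertStoreLocation Cert:\LocalMachine\Root
}

# Usage (placeholder names taken from the script's own .EXAMPLE; the file name is constructed):
# $thumb = (Get-AzureVM -ServiceName "mycloudservice" -Name "myvm1" |
#     select -ExpandProperty vm).DefaultWinRMCertificateThumbprint
# Import-PinnedWinRMCertificate -Path .\myvm1.cer -ExpectedThumbprint $thumb
#
# Remove the trust again when the VM is retired:
# Remove-Item "Cert:\LocalMachine\Root\$thumb"
```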

Finally, a bunch of commands I used in the session:

Get-Module Azure
Add-AzureAccount
Get-AzureSubscription
Get-AzureVM
$vm="MyVm"
Start-AzureVM -ServiceName $vm -Name $vm
Get-AzureVM -ServiceName $vm -Name $vm
$uri = Get-AzureWinRMUri -ServiceName $vm -Name $vm
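$user = "MyUser"  # placeholder: the VM's admin user name
$password = Read-Host -Prompt "Password" -AsSecureString  # PSCredential needs a SecureString; $pwd is PowerShell's automatic current-directory variable
$credential = New-Object System.Management.Automation.PSCredential($user, $password)
Enter-PSSession -ConnectionUri $uri -Credential (Get-Credential)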
$ps = New-PSSession -ConnectionUri $uri -Credential $credential
Enter-PSSession -Session $ps