PowerShell Remoting | Windows Management Instrumentation

As defined by Microsoft: Windows PowerShell remoting lets you run any Windows PowerShell command on one or more remote computers. You can establish persistent connections, start interactive sessions, and run scripts on remote computers. PowerShell remoting is similar to SSH used in accessing remote computers.

PowerShell Remoting uses the Windows Management Instrumentation (protocol) – WMI is a set of specifications from Microsoft for consolidating the management of devices and applications in a network from Windows systems. WMI provides information about the status of local or remote computer systems to users.

Note: PowerShell is disabled by default, so you will have to enable PowerShell Remoting before it can be used.

This is the Commandline tool needed to have the WMI enabled, But in my lab, it was already running as displayed. Simply enter

  • winrm quickconfig

Since this is already enabled and running as stated, we will proceed to access computers remotely.

If you wish to enable PowerShell Remoting via Powershell cmdlet, simply run the command below.

  • Enable-PSRemoting -Force

As you can see, the WinRM service is already running. The next step would be to access our computers remotely.

Note: in order to achieve success in setting up PowerShell Remoting in your domain depends on how your network is provisioned. Most-times, this service can be disabled via GPO. You will need an Administrative privilege in order to administer PowerShell Remoting.

Now that we have successfully connected to a computer on our network as shown above.
– Lets us now perform certain operations to get the computer system and security logs. Kindly see the image below for these steps.

Note: You can also connect to multiple computers at the same time and this requires using the PowerShell invoke cmdlet as shown below

Invoke-Command -ComputerName COMPUTER -ScriptBlock { COMMAND } -credential USERNAME

Cmdlet explanation: “computer” here represents the remote PC name or IP Address. “Command” here is the command you intend to run. “USERNAME” is the username you want to run the command as on the remote computer. This should have the needed Administrative privileges.

Note: You’ll be prompted to enter the desired password for the username

Further Tips: Needed to have a mastery of this service.
– Restart-Service WinRM
– Test-WsMan COMPUTER (This is needed to test if the WinRM service is running on the remote computer). If this executes successfully, then everything is alright.