Tags


powershell_logo

I’m going to start with something you should be aware of when working with Powershell.  You CAN access a lot of information remotely without Powershell Remoting. 

You can without question.

It’s just a lot slower and not as Powerful.   I can do a GET-EVENT from a remote computer and get it’s event log.   But it’s just SLOOOOOOOOOOWWWW!!!

With Powershell Remoting your life is a breeze!

And it’s REALLY easy to work with too!

First off both machines have to be running Powershell V2.

Machines receiving the “Remote Instructions” need to have Remoting enabled

And you need  a few minutes to play.  Yes it’s THAT easy.

There’s two types of remoting I’ve started to play with.  One is more of a DIRECT interaction remote Shell, and the other actually runs remote commands and let’s you received the data locally.

The second is the coolest!

So stage one.  Enabling Remoting on the “Remote System”

In an Elevated Powershell Prompt (Run as Administrator) execute the following command

Enable-PSRemoting

You will get prompted to allow it to run afterwards since Ps Remoting is enabling features and adjusting Firewall settings to allow it to run

image

Select “A” for Yes to All (I promise it won’t hurt you) and allow to run through.  You’ll need to be connected to the network and running in a Domain Profile or Private network profile to work.   It will take a few moments and now the machine is ready to accept remote Powershell connections.

But how to use them?

Ahh well THAT is the easiest bit.  Here’s the “Direct Console” method which effectively has you running commands locally but executing and processing remotely.

Just run a

NEW-PSSESSION –computername REMOTECOMPUTERNAME

ENTER-PSSESSION –computername REMOTECOMPUTERNAME

That’s it!  You’re now connected to that computer running commands as if you were logged into running a normal Powershell prompt.

To exit just type

EXIT-PSSESSION –computername REMOTECOMPUTERNAME

Now that wasn’t so difficult was it?

But HERE is coolness.   It’s the ONE feature I’ve been dying for.   Invoke command remotely but have the results piped to you locally!

And what do you know?  You use INVOKE-COMMAND

So if type

INVOKE-COMMAND –scriptblock { get-childitem } –computername REMOTECOMPUTERNAME

That will actually run a ‘get-childitem’ in the default context (file system) on the computer called “REMOTECOMPUTERNAME”.  And the really cool bit is what results from that command I can save and work with (including Piping) LOCALLY.

Can you see the potential here?  Get entire event logs from a DC, filter them for what you want and look at the results locally on your Excel spreadsheet!

So this example

INVOKE-COMMAND –scriptblock { GET-EVENTLOG –LOGNAME ‘Application’ | where { $_.EntryType –eq ‘Error’ } } –computername REMOTECOMPUTERNAME

Will pull down the Application Event log from that remote computer.  I can put that data DIRECTLY into a EXPORT-CSV via a pipe, or make a more specific script and have it filter for certain types of data.

But the import detail here is one thing.  It is SO much faster and SO much more powerful.  Because of Powershell?  It wouldn’t take much to Query Active Directory for a list of Servers and query ALL the Event logs and pull down a nice fancy report from the result!

 

Powershell – I love You

Sean
The Energized Tech

Advertisements