Description

Perform the steps below to invoke PowerShell Script on Remote Machine (Enable WinRM Protocol and set trusted host list value to * on local as well as target system) 

Parameters

Prerequisites

  Set Up Your Workgroup

For PowerShell Remoting to work in a workgroup environment, you must configure your network as a private or domain, not public network.

For guidance on this refer to below link

Guide on private and public networks.

Following exception occurs if the network is public.

Set-WSManQuickConfig: WinRM firewall exception will not work since one of the network connection types on this machine   is set to Public. Change the network connection type to either Domain or Private and try again.

Enable PowerShell Remoting on the PC You Want to Access Remotely

Your first step is to enable PowerShell Remoting on the PC to which you want to make remote connections. On that PC, you’ll need to open PowerShell with administrative privileges.

Command-   Enable-PSRemoting –Force

Following error occurs if this command is not executed

[<IP Address>] Connecting to remote server <IP Address>failed with the following error message: Access is denied. For more information, see the about_Remote_Troubleshooting 

Help topic. + CategoryInfo : OpenError: (10.41.16.51:String) [], PSRemotingTransportException+ FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken 

Configure the Trusted Hosts setting.          

You need to configure the TrustedHosts setting on PC you want to connect from, so the computers will trust each other. 

If you want to go ahead and trust PC to connect remotely, you can type the following cmdlet in PowerShell (again, you’ll need to run it as Administrator).

Set-Item WSMan:\localhost\Client\TrustedHosts -Value $IPAddress -Force 

To add more than one machine to the trusted hosts list using winrm

winrm set winrm/config/client '@{TrustedHosts=" IPAddress1, IPAddress2,… "}'

Following error occurs if this command is not executed

Connecting to remote server <IP Address>failed with the following error message: The WinRM client cannot process the request. If the authentication scheme is 

different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.

+ CategoryInfo: OpenError: (10.41.11.5:String) [], PSRemotingTransportException

+ FullyQualifiedErrorId : ServerNotTrusted,PSSessionStateBroken   

Test Connection

On the PC you want to access the remote system from, type the following cmdlet into PowerShell (replacing “COMPUTER” with the name or IP address of the remote PC), 

Test-WsMan COMPUTER  

This simple command tests whether the WinRM service is running on the remote PC. If it completes successfully, you’ll see information about the remote computer’s WinRM service in the window—signifying that WinRM is enabled and your PC can communicate. If the command fails, you’ll see an error message instead.

Set-ExecutionPolicy

Change the user preference for the execution policy of the shell.

Syntax:

     Set-ExecutionPolicy [-executionPolicy] Policy

     {Unrestricted | RemoteSigned | AllSigned | Restricted | Default | Bypass | Undefined}

     [[-Scope] ExecutionPolicyScope ] [-Force]

Example:

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted

Valid values:

1. Restricted
   

Do not load configuration files or run scripts.

This is the default.

2. AllSigned
   

Require that all scripts and configuration files be signed

by a trusted publisher, including scripts that you write on the

local computer.

3. RemoteSigned
   

Require that all scripts and configuration files downloaded from the Internet be signed by a trusted publisher.

4. Unrestricted
   

Load all configuration files and run all scripts.

If you run an unsigned script that was downloaded from the internet, you are prompted for permission before it runs.

5. Bypass
   

Nothing is blocked and there are no warnings or prompts.

6. Undefined
   

Remove the currently assigned execution policy from the current scope. This parameter will not remove an execution policy that is set in a Group Policy scope.

The following is a description of the flags

1. -Force:
   

Suppress all prompts. 

By default, Set-ExecutionPolicy displays a warning whenever the execution policy is changed.

2. -Scope ExecutionPolicyScope
   

This flag sets the scope of the execution policy.

Valid values are:

4. Process: Affects only the current PowerShell process.
   
5. CurrentUser: Affects only the current user.
   
6. LocalMachine: Affects all users of the computer.
   
7. To remove an execution policy from a particular scope, set the execution policy for that scope to Undefined.
   

Execute a single Remote command

To run a command on the remote system, use the Invoke-Command cmdlet using the following syntax:

Invoke-Command -ComputerName COMPUTER -ScriptBlock {COMMAND} -credential 

“COMPUTER” represents the remote PC’s name or IP address. “COMMAND” is the command you want to run. 

Using Invoke-Command -ScriptBlock on a local function with arguments:

Invoke-Command -Credential $c -ComputerName COMPUTER –ScriptBlock ${function: Functionname} -ArgumentList $x, $y,

Parse output of Remote Command

$variablename=Invoke-Command -ComputerName COMPUTER -ScriptBlock {COMMAND} -credential 

foreach ($xyz in $variablename) 

{ 

$xyz

}