Performing remote administration with PowerShell

This lab should take approximately 60 minutes to complete.

Scenario

You’re an administrator for Adatum Corporation and must perform maintenance tasks on a server running Windows Server 2019. You don’t have physical access to the server, and instead plan to perform the tasks using Windows PowerShell remoting. You also have some tasks to perform on both a server and another client computer that runs Windows 10. In your environment, communication protocols such as remote procedure call (RPC) are blocked between your local computer and the servers. You plan to use Windows PowerShell remoting, and want to use sessions to provide persistence and reduce the setup and cleanup overhead that improvised remoting connections will impose.

Objectives

After completing this lab, you’ll be able to:

  • Enable remoting on a client computer.
  • Run a task on a remote computer by using one-to-one remoting.
  • Run a task on two computers by using one-to-many remoting.
  • Create and manage PSSessions.
  • Send commands to multiple computers in parallel.

Lab Setup

Virtual machines:

  • LON-DC1
  • LON-CL1

Username: Adatum\Administrator

Password: Pa55w.rd

For this lab, you’ll use the available virtual machine environment. Before you begin the lab, complete the following steps:

  1. Open LON-DC1, and then sign in as Administrator with the password Pa55w.rd.
  2. Repeat step 1 for LON-CL1.

Exercise 1: Enabling remoting on the local computer

Scenario 1

In this exercise, you’ll enable remoting on the client computer.

The main task for this exercise is:

  • Enable remoting for incoming connections.

Task 1: Enable remoting for incoming connections

  1. Ensure that you’re signed in to the LON-CL1 virtual machine as Adatum\Administrator with the password Pa55w.rd.

  2. Select the Start menu, and then enter powersh.

  3. In the results list, right-click Windows PowerShell or activate its context menu, and select Run as administrator.

  4. To ensure you have the correct execution policy in place, in the Windows PowerShell command window, enter the following command, and then press the Enter key:

    Set-ExecutionPolicy RemoteSigned
    
  5. Select Yes or enter Y to confirm the change.

  6. On the LON-CL1 computer, run the following command:

    Enable-PSremoting -SkipNetworkProfileCheck
    

    If prompted, answer Yes to all prompts by selecting Y. This will enable remoting.

  7. To find a command that can list session configurations, enter the following command, and then press the Enter key:

    help *sessionconfiguration*
    

    Note: Notice the Get-PSSessionConfiguration command.

  8. To list session configurations, enter the following command, and then press the Enter key:

    Get-PSSessionConfiguration
    
  9. Verify that two to four session configurations were created. Leave the Windows PowerShell window open.

Exercise 2: Performing one-to-one remoting

Scenario 2

In this exercise, you’ll connect to a remote computer and perform maintenance tasks.

The main tasks for this exercise are:

  1. Connect to the remote computer and install an operating system feature on it.
  2. Test multi-hop remoting.
  3. Observe remoting limitations.

Task 1: Connect to the remote computer and install an operating system feature on it

  1. Ensure that you’re still signed in to the LON-CL1 virtual machine as Adatum\Administrator with the password Pa55w.rd.
  2. On LON-CL1, to establish a one-to-one connection to LON-DC1, enter the following command in Windows PowerShell, and then press the Enter key:

    Enter-PSSession –ComputerName LON-DC1
    
  3. After you’re connected, to install the Network Load Balancing (NLB) feature on LON-DC1, enter the following command, and then press the Enter key:

    Install-WindowsFeature NLB
    
  4. Wait for the command to complete.
  5. To disconnect, enter the following command, and then press the Enter key:

    Exit-PSSession
    

Task 2: Test multi-hop remoting

  1. To establish a one-to-one remoting connection to LON-DC1, enter the following command, and then press the Enter key:

    Enter-PSSession –ComputerName LON-DC1
    
  2. To establish a connection from LON-DC1 to LON-CL1, enter the following command, and then press the Enter key:

    Enter-PSSession –ComputerName LON-CL1
    

    Note: You should receive an error that’s indicative of the second hop. By default, you cannot establish a connection through an already-established connection.

  3. To close the connection, enter the following command, and then press the Enter key:

    Exit-PSSession
    

Task 3: Observe remoting limitations

  1. Ensure that you’re signed in to the LON-CL1 virtual machine as Adatum\Administrator with the password Pa55w.rd.
  2. To establish a one-to-one connection to LON-CL1, enter the following command, and then press the Enter key:

    Enter-PSSession –ComputerName localhost
    
  3. Enter the following command, and then press the Enter key:

    Notepad
    

    Note: Notice that the shell seems to stop responding while it waits for Notepad to open, because Notepad is a graphical application, and the shell has no way to display the graphical user interface (GUI).

  4. Select Ctrl+C to cancel the process and return to a shell prompt.
  5. To disconnect, enter the following command, and then press the Enter key:

    Exit-PSSession
    

Exercise 3: Performing one-to-many remoting

In this exercise, you’ll run commands against multiple computers. One of those will be the client computer, although you’ll be establishing a second sign-in to it for the duration of each command.

The main tasks for this exercise are:

  1. Retrieve a list of physical network adapters from two computers.
  2. Compare the output of a local command to that of a remote command.

Task 1: Retrieve a list of physical network adapters from two computers

  1. Ensure that you’re still signed in to the LON-CL1 virtual machine as Adatum\Administrator with the password Pa55w.rd.
  2. On LON-CL1, to find a command that can list network adapters, enter the following command in the Windows PowerShell window, and then press the Enter key:

    help *adapter*
    

    Note: Note the Get-NetAdapter command.

  3. To review the Help for the command, enter the following command, and then press the Enter key:

    help Get-NetAdapter 
    

    Note: Note the –Physical parameter.

  4. To run the command on LON-DC1 and LON-CL1 by means of remoting, enter the following command, and then press the Enter key:

    Invoke-Command –ComputerName LON-CL1,LON-DC1 –ScriptBlock { Get-NetAdapter –Physical }
    

Task 2: Compare the output of a local command to that of a remote command

  1. To review the members of a Process object, enter the following command, and then press the Enter key:

    Get-Process | Get-Member
    
  2. To review the members from a remote Process object, enter the following command, and then press the Enter key:

    Invoke-Command –ComputerName LON-DC1 –ScriptBlock { Get-Process } | Get-Member
    

    Note: The second set of results only includes two MemberType of Methods; GetType, and ToString. This is because the remote value TypeName is deserialized in comparison to the local output.

Exercise 4: Using implicit remoting

In this exercise, you’ll use implicit remoting to import and run commands from a remote computer.

The main tasks for this exercise are as follows:

  1. Create a persistent remoting connection to a server.
  2. Import and use a module from a server.
  3. Close all open remoting connections.

Task 1: Create a persistent remoting connection to a server

  1. On LON-CL1, ensure that you’re signed in as Adatum\Administrator with the password Pa55w.rd.
  2. If the Windows PowerShell window is closed, select the Start menu, and then enter powersh.
  3. In the results list, right-click Windows PowerShell or activate its context menu, and then select Run as administrator.
  4. In the Windows PowerShell command window, create a persistent connection to LON-DC1 and store it in a variable. Enter the following command, and then press the Enter key:

    $dc = New-PSSession –ComputerName LON-DC1
    
  5. To review the PSSession list in the variable, enter the following command, and then press the Enter key:

    $dc
    

    Note: Verify that the connection is available.

Task 2: Import and use a module from a server

  1. To display a list of modules on LON-DC1, enter the following command, and then press the Enter key:

    Get-Module –ListAvailable –PSSession $dc
    
  2. To find a module on LON-DC1 that can work with Server Message Block (SMB) shares, enter the following command, and then press the Enter key:

    Get-Module –ListAvailable –PSSession $dc | Where { $_.Name –Like '*share*' }
    
  3. To import the module from LON-DC1 to your local computer, and to add the prefix DC to the important commands’ nouns, enter the following command, and then press the Enter key:

    Import-Module –PSSession $dc –Name SMBShare –Prefix DC
    
  4. To display a list of shares on LON-DC1, enter the following command, and then press the Enter key:

    Get-DCSMBShare
    

    Note: Because this command implicitly runs on LON-DC1, the command will display shares on that computer.

  5. To display a list of shares on the local computer, enter the following command, and then press the Enter key:

    Get-SMBShare
    

    Note: Because you added the DC prefix to the imported commands, the local commands are still available by their original name.

Task 3: Close all open remoting connections

  1. In the Windows PowerShell command window, enter the following command, and then press the Enter key:

    Get-PSSession | Remove-PSSession
    
  2. Note that the command to verify that the remoting session has been closed isn’t explicitly called out in the sample answer script provided at E:\Mod08\Labfiles\ImplicitRemoting.ps1.txt. To verify the remoting connection has been closed, enter the following command, and then press the Enter key:

    Get-PSSession
    

    Note: Verify that no sessions are returned.

Exercise 5: Managing multiple computers

In this exercise, you’ll perform several management tasks against multiple computers, relying on PSSessions to provide persistence.

The main tasks for this exercise are:

  1. Create PSSessions to two computers.
  2. Create a report that displays Windows Firewall rules from two computers.
  3. Create and display an HTML report that displays local disk information from two computers.
  4. Close all open PSSessions.

Task 1: Create PSSessions to two computers

  1. Ensure that you’re still signed in to LON-CL1 as Adatum\Administrator with the password Pa55w.rd.

  2. Open Windows PowerShell if it’s not already open.

  3. To create PSSessions to LON-CL1 and LON-DC1, and to save those in a variable, enter the following command, and then press the Enter key:

    $computers = New-PSSession –ComputerName LON-CL1,LON-DC1
    
  4. To verify the connections, enter the following command, and then press the Enter key:

    $computers
    

    Note: Verify that two connections display as available.

Task 2: Create a report that displays Windows Firewall rules from two computers

  1. To find a module capable of working with network security, enter the following command, and then press the Enter key:

    Get-Module *security* –ListAvailable
    
  2. Note the Net-Security module in the list.
  3. To load the module into memory on LON-CL1 and LON-DC1, enter the following command, and then press the Enter key:

    Invoke-Command –Session $computers –ScriptBlock { Import-Module NetSecurity }
    
  4. To find a command that can display Windows Firewall rules, enter the following command, and then press the Enter key:

    Get-Command –Module NetSecurity
    

    Note: Observe the Get-NetFirewallRule command.

  5. If you want to review the Help for the command, enter the following command, and then press the Enter key:

    Help Get-NetFirewallRule -ShowWindow
    

    Note: If Help isn’t displaying correctly, run the commands from steps 1 to 3 in the Windows PowerShell command window as administrator rather than in Windows PowerShell ISE.

  6. Close the Get-NetFirewallRule Help window.

  7. To display a list of enabled firewall rules on LON-DC1 and LON-CL1, enter the following command, and then press the Enter key:

    Invoke-Command –Session $computers –ScriptBlock { Get-NetFirewallRule –Enabled True } | Select Name,PSComputerName
    
  8. To unload the module on LON-DC1 and LON-CL1, enter the following command, and then press the Enter key:

    Invoke-Command –Session $computers –ScriptBlock { Remove-Module NetSecurity }
    

Task 3: Create and display an HTML report that displays local disk information from two computers

  1. To display a list of local hard drives filtered to include only those with a drive type of 3, enter the following command, and then press the Enter key:

    Get-CimInstance –ClassName Win32_LogicalDisk –Filter "DriveType=3"
    

    Note: Get-CimInstance replaces the deprecated Get-WmiObject cmdlet. Use -ClassName instead of -Class.

  2. To run the same command on LON-DC1 and LON-CL1 by means of remoting, enter the following command, and then press the Enter key:

    Invoke-Command –Session $computers –ScriptBlock { Get-CimInstance –ClassName Win32_LogicalDisk –Filter "DriveType=3" }
    

    Note: Your report must include each computer’s name, each drive’s letter, and each drive’s free space and total size in bytes.

  3. To produce an HTML report containing the results of the previous command, enter the following command, and then press the Enter key:

    Invoke-Command –Session $computers –ScriptBlock { Get-CimInstance –ClassName Win32_LogicalDisk –Filter "DriveType=3" } | ConvertTo-Html –Property PSComputerName,DeviceID,FreeSpace,Size
    

Task 4: Close all open PSSessions

  • To close all open PSSessions, enter the following command, and then press the Enter key:

     Get-PSSession | Remove-PSSession