2 March 2013

EDIT:  This is my old, kludgey way of doing it.  Please see this new post:  Remotely Enabling WinRM – Improved!

*********************

This post is going to build off of the technique I used in my previous post.  My company only recently deployed Powershell to all of our XP devices.  But neither the XP nor Windows 7 have WinRM enabled by default.  This limits me so I had to seek a way to enable it on the fly.  In the past when I’ve needed to run commands that weren’t “remote-friendly” in Powershell I had to create a scheduled task on the PC to run a batch script.  I figured that was the way I’d need to go with this so I set out to do it.  The tricky part was getting Powershell to run elevated on the Win 7 machines, running as System does not necessarily do that.  With the help of the last post’s discovery I was able to accomplish it, though.  Now I can remotely gather data without interfering with the user!  They say the perfect IT guy is the one that accomplishes his work without the end-user even knowing what’s going on.

I’ve decided to just start attaching my completed script file to make it easier, and it’s commented so it should explain what I’m doing well enough.  I’ve also thrown my info header at the top of the script so that maybe I can get some exposure if these things get passed around. This script requires that you have administrative rights on the remote machine!

In short, what it does is write .bat files to the PC, sets scheduled tasks to run them, runs them manually, and then deletes the .bat files and tasks.

I also want to note the reason I have -skipnetworkprofilecheck added to the bat file inside the script.  This can raise a security concern since it’s going to enable the firewall rule for not only domain and private networks but also public!  If I don’t do this, enable-psremoting will fail on some of our PC’s that run virtual environments such as VMWare (which my group, and some others, use for testing).  The VMWare network adapter (and probably VirtualBox and others are like this) are set as public networks.  If enable-psremoting detects a public network it will NOT do the enabling, even with the -force command.  You’ll see later on in the .ps1 script where I modify the firewall rule to remove public networks.

Ok, here is the script:  EnablePSRemoting

**I haven’t tested this actual script.  The one I use at work is integrated into my console and some of the code in this is actually separate functions in my console.  I’m pretty sure it works though 😉


One Response to “Remotely Enabling PSRemoting (WinRM)”

You must be logged in to post a comment.