On Windows 7 and later releases of the Operating System, it is possible to use PowerShell Remoting.
This service provides the user with PowerShell terminals and allows them to execute PS scripts on remote computers. Once the connection to the remote computer is established, all PS features are available, such as mounting network shares or installing software from the command line.
From now on, the machine which will issue the PowerShell commands will be called ‘Client’, while the one which will execute the commands will be called ‘Server’.
First of all, the PowerShell Remoting service should be enabled on the Server (it is disabled by default).
In case the Server is not part of an Active Directory Domain:
- Start a PowerShell with Administrator privileges.
  - From the Start menu, select the PowerShell shortcut and right-click it. In the contextual menu, select Execute as Administrator.
- Once the PowerShell window is open with the correct privileges, execute the command:
  - Server | PS > Enable-PSRemoting
- The command:
  - starts WinRM services.
  - enables WinRM services autostart.
  - configures the Windows Firewall to allow WinRM incoming connections.
In case the Server is part of an Active Directory Domain, a set of GPOs can be used.
The GPOs basically perform the same operations described above.
The first GPO will enable the WinRM service:
- Create a new GPO
- In GPO editor, select Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service
- Open the Allow Remote Server management through WinRM policy setting and set the policy to Enabled.
- Set IPv4 and IPv6 filters to * or as needed
The second GPO will create the Windows Firewall rule to accept remote connections:
- In GPO editor, select Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall… > Inbound Rules
- Right-click and select New Rule…
- Select the radio button Predefined and Windows Remote Management
- Click Next
- Click Next, select Allow the connection and then Finish.
After WinRM services have been enabled, Server and Client must trust each other. If both PCs are part of the same Domain, they already trust each other.
Conversely, if they are not in the same Domain, the trusted hosts list of each PC should contain the other PC's address.
To set the trusted hosts list, run in PowerShell:
Client and Server | PS > Set-Item WSMan:\localhost\Client\TrustedHosts -Value "<ip1>,<ip2>,<ip3>"
The value is a comma-separated list of IP addresses, passed as a single quoted string. It is possible to use the * character to specify ranges of IPs.
The value of the Trusted Hosts setting can be obtained with the command:
Client and Server | PS > Get-Item WSMan:\localhost\Client\TrustedHosts
To apply the new Trusted Hosts setting, restart the WinRM service with the command:
Client and Server | PS > Restart-Service WinRM
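The following is an added example, not part of the original article, for reviewing and extending the TrustedHosts list configured above. It assumes Windows PowerShell 3.0 or later in an elevated session; the function names Get-TrustedHostEntry and Add-TrustedHost and the sample addresses are illustrative. Wildcard entries are flagged because the WinRM client does not authenticate computers that match the TrustedHosts list.

```powershell
# Added example: audit and extend the WinRM client TrustedHosts list.
# Function names and sample addresses are illustrative; run elevated, PowerShell 3.0+.

function Get-TrustedHostEntry {
    # Split a comma-separated TrustedHosts value and classify each entry.
    param(
        [string]$Value = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    )
    $Value -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ } |
        ForEach-Object {
            [pscustomobject]@{
                Entry     = $_
                Wildcard  = $_.Contains('*')   # pattern such as 192.168.10.*
                TrustsAll = ($_ -eq '*')       # every host is trusted
            }
        }
}

function Add-TrustedHost {
    # Append one entry; a plain Set-Item would replace the whole list.
    param(
        [Parameter(Mandatory = $true)][string]$Address
    )
    $existing = @(Get-TrustedHostEntry | ForEach-Object { $_.Entry })
    if ($existing -contains $Address) { return }          # already listed
    if ($Address.Contains('*')) {
        Write-Warning "'$Address' is a wildcard: every matching host is trusted without authentication."
    }
    # -Concatenate appends to the current value; -Force skips the confirmation prompt.
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value $Address -Concatenate -Force
}

# Constructed sample value, parsed without touching the local configuration:
Get-TrustedHostEntry -Value '192.168.10.21, 192.168.10.*, *'

# Review what this machine currently trusts, listing wildcard entries only:
Get-TrustedHostEntry | Where-Object { $_.Wildcard }
```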
Once the TrustedHosts setting is properly configured, we can start a remote PowerShell session with the command:
Client | PS > Enter-PSSession -ComputerName <COMPUTER> -Credential <USER>
where <USER> is the name of the user on the remote computer.
To execute a command on the remote machine and get the output on the local machine, the syntax is:
Client | PS > Invoke-Command -ComputerName <COMPUTER> -ScriptBlock { <COMMAND> } -Credential <USERNAME>
Before the execution, PowerShell prompts for the credentials of the user <USERNAME>.
There is a simpler and more immediate way: use the Praim Agile software.
The Agile devices can receive third-party software packages through a simple process included in the ThinMan management console.
In this way the procedure described above is not necessary: the process becomes elementary and enables the IT manager to perform all the management tasks directly from the console on all devices or groups.
For more technical details see the section Third party Software Installation of the wiki page:
https://wiki.praim.com/display/ThinMan/Contextual+Menu+-+Device+Update+for+Windows+Embedded