Tip

Tips for running PowerShell against remote Windows 7 desktops

Setting up PowerShell to manage remote Windows 7 desktops can be tricky. These tips help you properly configure PowerShell and use it for remote desktop troubleshooting.

Running PowerShell scripts and cmdlets against remote Windows 7 desktops is simple, but a lot can go wrong during the initial system configuration process. Here, I'll explain how to begin using use PowerShell for remote Windows 7 desktops administration tasks and troubleshooting.

Enabling WinRM
In order to run PowerShell commands against remote desktops, the Windows Remote Management (WS-Management) service must be running on your computer. This service has a default startup type of Manual, so you will have to set the startup to Automatic and then start the service. You can verify that the service is running by opening PowerShell and entering the following command:

Get-Service WinRM

There is some prep work that must be done on the computers you want to manage. The first thing to do is install Internet Information Service (IIS) on all of the desktops that you want to manage. You can do this by opening the Control Panel and clicking on Programs followed by Turn Windows Features On or Off. On the following screen, select Internet Information Services and click OK.

After IIS is installed, start the Windows Remote Management (WS-Management) service. Next, you need to configure the Windows Remote Management Service (WinRM) to use IIS as a listener. Windows 7 provides an automated way of doing this. Simply open an elevated Command Prompt window and enter the following command:

WinRM QuickConfig

This command automatically configures the startup type for the WinRM service, enables firewall exceptions and sets up the WinRM listener. As you can see in Figure A, you will be prompted to confirm each action.

Testing Remote PowerShell
The easiest way to test your ability to run PowerShell commands against a remote Windows 7 PC is by running a command to return the computer name, using the following command:

Gc env:computername

If you want to run the same command against a remote computer, you would use this command:

Invoke-command –ComputerName <the name of the remote computer> -ScriptBlock {GC ENV:computername}

For example, I ran this command against a remote computer named Lab-W7 (Figure B). You can see that the command returned the computer name. Obviously, this command wouldn't be very useful in the real world because you already know the computer name. In fact, the computer name was included in the command itself. Even so, this command is a great way to confirm that you are indeed connected to the remote system.

More PowerShell commands
Although the command shown above only returned the name of the remote computer, you can run any command you want against the remote computer. Simply replace the text between the {} braces with the command that you want to run.

This technique is useful if you only need to run a single command. If you need to run a series of commands, you are better off using the New-PSSession cmdlet.

One more thing you need to know about the technique that I showed you is that it can be used to run a command against multiple remote computers. All you have to do is specify all the computer names that you want to run the command against. Computer names should be separated with a space.

Remote PowerShell pitfalls
As I said at the beginning of this article, a lot can go wrong when you attempt to use PowerShell for remote desktops. When I was writing this article, the WinRM QuickConfig command would lock up and eventually error out. It was only after six hours of troubleshooting that I discovered that my antivirus software was blocking access to remote PowerShell.

You may also run into permissions problems. The account that you are logged into must have administrative permissions on any remote computers that you are trying to manage.

Another thing to check is that the local computer must be able to resolve the remote computer's IP address. If DNS resolution isn't working properly, you can specify an IP address within the command rather than a computer name.

Firewalls can also cause WinRM to fail. The firewall must be able to accept inbound and outbound HTTP traffic. The WinRM QuickConfig command enables exceptions in the Windows Firewall, but you have to manually configure firewall exceptions if you are using a third-party firewall. It is worth noting that WinRM 1.1 and earlier versions used TCP Port 80. However, WinRM 2.0 (which is the version used by Windows 7) uses port 5985 instead.

Finally, if you run into authentication problems, it may be necessary to designate the remote machine as a trusted host. Suppose, for example, that I needed to designate a remote computer named Lab-W7 as a trusted host. On the local computer I would enter this command:

WinRM s winrm/config/client '@{TrustedHosts="Lab-W7"}'

As you can see, it can take a bit of tinkering in order to be able to run PowerShell commands against a remote desktop. Even so, the process is very smooth once the system is properly configured.

Read more from Brien M. Posey

ABOUT THE AUTHOR:
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.

Dig Deeper on Virtual and remote desktop strategies