locked
Executing PowerShell scripts on a remote host RRS feed

  • Question

  • I need to execute a PopwerShell script on a remote host (i.e. to add or remove Windows features).

    The script uses some Powershell commands to be executed on the remote host (i.e. to add or remove Windows features).

    I made part of the job but I am unable to go on...

    After enabling PSremoting on the target host I run a script with the following commands:

    winrm s winrm/config/client '@{TrustedHosts="remoteserver"}'
    $mysession = new-pssession -computername remoteserver -credential remotedomain\remoteuser

    If I enter the above lines interactiverly I can go on interactively by entering:

    Enter-PSSession $mysession

    and execute all the PowerShell commands I need.

    My problem is that everything must be part of a script.

    I attempted using "Invoke-command" with no success: maybe there is a syntax error or it is not the right command to be used in a script.

    Can anybody please provede a sample of a script containing PowerShell commands to be executed on the remore host?

    Regards

    marius

    • Moved by Bill_Stewart Wednesday, July 16, 2014 2:49 PM Abandoned
    Monday, June 2, 2014 5:41 PM

All replies

  • You're on the right track.  You can use Invoke-Command with the same credentials (or PSSession from New-PSSession, if you prefer) to execute code remotely.  The tricky thing, unfortunately, will be the credentials.  Right now you're being prompted to enter a username and password, but in an unattended script, you'd need to have these credentials saved somehow.  That can open up a can of worms, depending on your requirements.

    The simplest way to do this is to hard-code the password in your script.  No one on the planet recomments actually doing this, because well, you've just exposed an admin password to the world.

    The safest way to do this is to log on as the same account that will be used to run the script, on the same computer where the script will be run, and enter the credentials once manually, and export them to an XML file.  With this approach, the credentials in the XML file will be encrypted with the Windows Data Protection API (DPAPI), and the keys necessary to decrypt that data are only available to the current user, on the current computer.

    If you need to be able to securely save the data and have it read by other users, or on other computers, things start to get more complicated.

    Here's an example of the DPAPI approach:

    # to create the credential file
    
    $cred = Get-Credential
    $cred | Export-Clixml -Path c:\myEncryptedCreds.xml
    
    # to use it later (on the same computer, by the same user)
    
    $cred = Import-Clixml -Path c:\myEncryptedCreds.xml
    
    Invoke-Command -ComputerName SomeComputer -Credential $cred -ScriptBlock {
        Do-Something
    }

    Monday, June 2, 2014 5:54 PM
  • Just use the session variable in the session for Invoke

    Invoke-Command -Session $mysession -ScriptBlock {#myscript}


    ¯\_(ツ)_/¯

    Monday, June 2, 2014 7:07 PM
  • This works on all systems even workgroups.

    $session=new-pssession devws2 -SessionOption $so -UseSSL -Credential domain\userid
    invoke-command $session {dir}
    


    ¯\_(ツ)_/¯

    Monday, June 2, 2014 7:22 PM