System Administrators coming from the Linux world are accustomed to using SSH and bash scripts to manage remote machines. The same concept can be used for managing Windows machines through PowerShell by enabling the remoting feature.
Many articles already explain each command and how remoting in PowerShell works. Therefore, this article provides only the steps needed to enable PowerShell remoting quickly.
Enabling PowerShell Remoting
Enabling the remote feature of PowerShell requires that both the target and source machines be configured.
It is important to keep in mind that enabling PowerShell Remoting on the target machines is not enough for the two systems to communicate.
Enabling PowerShell Remoting on Target machines
# Enable PSRemoting on all interfaces, including the public network interfaces
Enable-PSRemoting -Force -SkipNetworkProfileCheck -Verbose
# Allow only remote access from specific computers
Set-Item WSMan:\localhost\Client\TrustedHosts -Value '[List of IPs or Computer Names from where commands originate]'
# If the remote commands are sent from computers not on the same workgroup, open the WinRM Public interface in the firewall
Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC" -RemoteAddress Any
# Configure the machine to accept remote commands
Set-WSManQuickConfig
# Restart the WinRM service
Restart-Service WinRM
Line 4 in the above script is the most important line. PowerShell Remoting is closed to all machines by default. That is, even after Enable-PSRemoting is executed, no other machine can send remote commands. Providing a comma-separated list of IPs and computer names as the TrustedHosts value allows the specified machines to send remote commands.
Note: It is possible to allow all machines to send remote commands by setting the value in line 4 to '*'. However, this should only be used for testing purposes.
Enabling PowerShell Remoting on Source machines
# Enable PSRemoting on all interfaces, including the public network interfaces
Enable-PSRemoting -Force -SkipNetworkProfileCheck -Verbose
# Allow only remote access from specific computers
Set-Item WSMan:\localhost\Client\TrustedHosts -Value '[List of IPs or Computer Names to where commands will be sent]'
# Restart the WinRM service
Restart-Service WinRM
Similar to the target machines, the source machines require a list of Trusted Hosts to which they can send commands.
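A check to run on either machine after the steps above, added here as an example and not part of the original article: it reads back the TrustedHosts value and the WinRM public firewall rule, then reports a '*' entry, entries outside the intended list, and a RemoteAddress of Any. The function name Get-RemotingExposure and the sample values in $Expected are assumptions; run it from an elevated PowerShell session.

```powershell
# Added example (not from the original article). Requires an elevated session.
function Get-RemotingExposure {
    [CmdletBinding()]
    param(
        # Hosts you intended to place in TrustedHosts (constructed sample values)
        [string[]]$Expected = @('10.0.0.5', 'ADMIN-PC01'),
        # Firewall rule name used in the article's target-machine script
        [string]$RuleName = 'WINRM-HTTP-In-TCP-PUBLIC'
    )

    # 1. TrustedHosts: split the comma-separated value and compare it with the intended list
    $raw = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    $entries = @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($entry in $entries) {
        $issue = if ($entry -eq '*') {
            'wildcard: every host is trusted (testing only)'
        } elseif ($entry -match '\*') {
            'wildcard pattern matches more than one host'
        } elseif ($Expected -notcontains $entry) {
            'not in the intended list'
        }
        if ($issue) {
            [pscustomobject]@{ Setting = 'TrustedHosts'; Value = $entry; Issue = $issue }
        }
    }

    # 2. Firewall: report the public WinRM rule if it is enabled for any remote address
    $rule = Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue
    if ($rule -and $rule.Enabled -eq 'True') {
        $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        if ($remote -contains 'Any') {
            [pscustomobject]@{
                Setting = "Firewall rule $RuleName"
                Value   = 'Any'
                Issue   = 'WinRM over HTTP is reachable from any address on Public networks'
            }
        }
    }
}

# No output means nothing was flagged
Get-RemotingExposure | Format-Table -AutoSize -Wrap
```

Pass the real allow-list with -Expected, for example Get-RemotingExposure -Expected '192.168.1.20','OPS-LAPTOP' (constructed values).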