Executing remote commands in Powershell 1 required a good deal of knowledge of powershell and the use of SysInternals' PsExec tool. It had it's drawbacks and inherent insecurites. Perhaps you wanted to remote deploy a SharePoint 2007 package from a TFSBuild script. If the Build Service account doesn't have access to the server or to deploy to SharePoint, psexec needs to have credentials in the command. It works, but not secure. Depending on how much access you have to the build environment, it might be the only option. Using PsExec to deploy packages to SharePoint 2010 throws errors and all attempts thus far have failed. Below is an example adapted from Lee Holmes:
Powershell Remote Execution with PsExec1 2 3 4 5 | $expression = "C:\SharePointDeploy\Deploy.ps1";
$commandBytes = [System.Text.Encoding]::Unicode.GetBytes($expression)
$encodedCommand = [Convert]::ToBase64String($commandBytes)
psexec /acceptEula /username domain\SPServiceAcct /password s0meP@ssw0rd \\server cmd /c "echo . | powershell -EncodedCommand $encodedCommand"
cmd /c pause
|
We can use the Windows Remote Management (WinRM) to enable a better, faster remoting experience. Both computers must be set up to allow WinRM. First set up the "remote" server:
Script for Server Computer1 2 3 | Enable-PSRemoting -force
Enable-WSManCredSSP –role Server -force
Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1000
|
Before we get the client setup we need to setup the client computer, WinRM cannot be setup when connected to public networks or have network adapters set to public category. Continue after the below script if this doesn't apply. If this is the case, those networks need to be changed to not public. I HIGHLY recommend
not being connected to untrusted networks when setting this up.
Change network Connection Type to Private1 2 3 4 5 6 7 8 9 10 | $nlm = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"));
$connections = $nlm.getnetworkconnections();
$connections | % {
Write-Host "Connection " $_.getnetwork().getcategory();
if ($_.getnetwork().getcategory() -eq 0)
{
Write-Host "Setting connection to private.";
$_.getnetwork().setcategory(1);
}
}
|
It is time to setup the local computer which will be sending the commands to the remote computer. A security decision must be made as to which computers the local computer needs access to. Pass the computer(s) in the arguments.
Script for Client Computer1 2 3 4 5 | param (
$machines = $(throw "machines is required.")
)
Enable-PSRemoting -force
Enable-WSManCredSSP –role Client –DelegateComputer $machines -force
|
Now that the environments are setup, the following can be used to connect to the remote server.
Connect to the remote machine1 2 | Enter-PSSession -ComputerName name.domain.com
|
If you need to specify which user to connect as or use CredSSP, you can use the following (this is needed when you want to get into SharePoint 2010):
Connect to the remote machine with CredSSP1 2 | Enter-PSSession -ComputerName name.domain.com -Authentication CredSSP -Credential $([Security.Principal.WindowsIdentity]::GetCurrent().Name)
|
Finally, to clean up. To exit out of the session:
Connect to the remote machine with CredSSP1 | |
In a future blog post I will cover using New-SPSession.
I adapted some of the Windows Remote Management (WinRM) parts of Zach Rosenfield's
Remote Install of SharePoint (with SPModule) post for the purposes of this post. I probably could have found it in a million different places, but that was the site I found the information on.
