Beginner-friendly tutorial on PowerShell remoting

Captions
Hello everyone. Today we're going to do PowerShell remoting. We're going to look at how to actually take one computer and control it remotely from another computer with PowerShell over our network. We can also do fun things like fan-outs and fan-ins, where we can take one computer and actually send commands to multiple computers all at once. We'll use commands such as Invoke-Command, and we'll create sessions with New-PSSession. Join me now to go through PowerShell remoting. Let's get on with it. [Music]

Let's take a look at my whiteboard and the diagram for what we're going to do. So I have a few virtual machines. I have a virtual machine called DC; this is going to be our domain controller, because all of our computers are connected to just an internal domain. We're going to have a member server called svr. This server is not doing anything; this server is just an individual server running Windows Server itself, ready for us to remotely connect to and actually send commands to it. We also have a client machine. This client machine here is going to run Windows 11, and this is what we are going to connect to to send commands to our remote systems.

Here on Windows 11 we're going to run PowerShell, and when we run PowerShell on Windows 11 we're going to use a couple of commands. We are going to use a command called Invoke-Command, and this Invoke-Command command is going to allow us to send PowerShell commands from our Windows 11 machine out remotely to one of our individual computers. We can also, with this Invoke-Command command, actually send commands not just to one but to multiple computers in serial. We're also going to look at something else. We're also going to look at another command called Enter-PSSession, and combine this with another command, New-PSSession. This is going to allow us to create more permanent tunnels between these computers that we're working with, between this DC and between this svr. So these connections here could now be converted into full active
sessions and allow us to reconnect to them and send lots of commands in parallel. Let's get straight into actually looking at how that works.

Okay, so here I am on my active development environment, and I have my three computers ready to work with. I have my DC and I have my svr1, and I also have my Windows 11 client machine. So let's go into my Windows 11 client machine here and let's actually start to run some PowerShell commands.

So here I am on my Windows 11 environment and I've just got PowerShell launched. This, if I run $PSVersionTable, it's just PowerShell version 5.1. We're not even going to work with PowerShell version 7, but what I'm about to show you would work with PowerShell version 7 as well. Now, we've got many, many commands on this computer. If I run something like Get-Command | Measure-Object, you'll actually see that, pre-loaded, I've got 1730 commands on this machine. But these are commands for this computer, this Windows 11 machine. So if I run something like, for example, Get-Service and do -Name Spooler, just to go and look for the principal service that is related to this computer.

Now, some commands actually have built-in remoting systems. So, for example, this Get-Service command: if I go and run this again, Get-Service, and put a dash on the end of it, there's a -ComputerName there. I can even give this a remote computer in here and then the same -Name Spooler, and that's going to return the spooler that's not running on this machine but is running on the DC. Some commands don't have built-in remoting. For example, if I run the command Get-Date, that's just going to retrieve the date and time on this machine. Not particularly interesting, but what you will find is, if you look at Get-Help Get-Date, there isn't actually a -ComputerName option here. Some commands have built-in remoting, some do not, but we can still send commands and scripts to remote machines. We can do that by using this command, Invoke-Command. Now
Invoke-Command needs two main parameters for this to work. The first one is -ComputerName, specifying the remote computer I want to actually run this command against, so, DC. The second component to this is -ScriptBlock. ScriptBlock is going to be the code or the script that I want to actually send to this remote computer. So what I need is two curly brackets here. Anything I put inside these two curly brackets is going to be the code that's sent to the remote machine. So if I put inside here Get-Date, that command does not run here on this Windows 11 computer; this command runs on the remote domain controller.

Command it somewhere else, there has to be some type of authentication here. This is not prompting me for any usernames and passwords. Why? Why is that? Well, if I type whoami, you'll find that I'm currently logged into this computer with OpenSkynet\mike. This account here is actually part of the Enterprise Admins group; it already has permission to actually execute commands over here on this domain controller.

Now, what about if I wanted to use a different account? Maybe I didn't have an account that had permission to do that; maybe I wanted to insert an admin account. Well, what I need to do is get myself some credentials. I need to get these usernames and passwords and store them. Now, there's many different ways of doing this, some good, some very, very, very bad if you're trying to store this in plain text. But here's a simple way: run a variable called $creds and use this command, Get-Credential. When you run the command Get-Credential, you will get a prompt box come up. This will allow us to securely store within that variable a username and password combination. So in this case I'm going to use the complete administrator account for the OpenSkynet domain. I'm going to store that as that dollar credential variable. If I call that variable, $creds, just to see what's inside it, you'll see it contains a secure string for
the password, encrypted password, and my username, OpenSkynet\administrator. I can use this now as part of that Invoke-Command. So I can do Invoke-Command -ComputerName DC -ScriptBlock, and then I can run the script block that I want to run. Maybe again I want to run something really simple like Get-Date to find out what the date and time is on that computer. And then I can run this final thing called -Credential. You can't just put in a username in here; you have to previously store that credential as a variable and then pass it back into the command. So if we put -Credential $creds in here, that will return that information to us, but to do that and authenticate to the other system it's used the credentials that were stored in that variable.

Now, what you can also do here with this Invoke-Command is actually fire things against multiple computers if you want to. If we take a look at some of the help for that Invoke-Command, Get-Help Invoke-Command, what you'll be able to see here, if we zoom in a little bit, is that our computer name section actually takes a string with two square brackets. When you see string with two square brackets, that means array; that means this can take multiple entries. So if I take this command, Invoke-Command, with both DC and svr1, and I fire that at both of those computers at the same time with my credentials that I've stored before, you will see that I'm actually getting the results for DC and svr1.

Now, one of the issues here is the way that this works. This is serial: it's sending the command to the first computer, it's waiting for that to return, it's then sending the command to the next computer, and it's waiting for that to return. If the first computer hasn't returned, it never gets to the second machine; it waits to time out. This could be very problematic if you're running large lists of computers, because we could variabilize that computer list if we wanted to.
So instead of running something like Invoke-Command DC and svr1, what we could do is create a computer list. So we could do $computers is equal to DC and svr1 and store that as a variable. Now we could run this same command again but change this computer name list around to $computers, and we'll run it again. You see we still get the same results; it's grabbing that list from a variable.

Now, another thing we could do here is make a more permanent connection to a machine if we really wanted to. So if I just clear this information down again, if I use the command Enter-PSSession -ComputerName and pass a computer name like DC, you'll notice immediately a remote connection has been made. I am now on the domain controller, completely remotely, in a permanently open session. I can prove that by doing $env:COMPUTERNAME; run that and you'll see I'm on the domain controller itself. Even if I do an ipconfig, I'm on the domain controller itself. Now, if I wanted to exit this and go back to my Windows 11 machine, all I have to do is type exit and I'm done. You can see I'm now dropped back to my Windows 11 computer.

We can also store sessions in variables as well, and actually send commands down these different pipes, these different sessions that we're actually building. So if I create a new variable called $DCsesh here and I use an equal sign and pop in a command, New-PSSession -ComputerName DC, that has now made a connection to the DC, one of these tunnels to the domain controller, and he's keeping that open for me in the background, and I can now send things down that tunnel whenever I want. Okay, so if we look at $DCsesh, I've got one ID there, I've got a computer name called DC, I've got a remote machine currently open, and that's an available session to me. So I could use that with Invoke-Command again. If I use Invoke-Command, instead of using -ComputerName, what I can do now is use -Session and use $DCsesh
on here, and then use my script block to run a command like Get-Service, and run that. Great.

Now, there's something more interesting that we can do with this as well: we can actually have multiple sessions opened at the same time. So what I'm also going to do here is, if I run Get-PSSession, you'll notice that I have this connection to the domain controller. If I drop this PowerShell shell now and I launch a new PowerShell shell and I run Get-PSSession again, you will see I have no connections. Those PS sessions are only alive for the time that this shell is alive, that this actual environment is live.

So let's make a PS connection to multiple. Let's do $sesh is equal to New-PSSession -ComputerName DC,svr1, and let's do -Credential is equal to, and put this in brackets here rather than a separate variable, Get-Credential, so it's going to prompt me for credentials. Don't forget the brackets; this needs to execute first, before the rest of the command. So let's just do OpenSkynet\administrator and pop in my password. Now I have a session to both of these at the same time; I have two tunnels going here. So if I do $sesh, you'll see I've got a connection to DC and I've got a connection to svr1. So now if I do Invoke-Command -Session $sesh and then do -ScriptBlock Get-Service Spooler again, you'll see the same two results come back.

But there is a huge difference here between running this into sessions and running this with Invoke-Command. When you run this with Invoke-Command, it's serial; it's one after the other after the other after the other after the other, and if one of those servers lags out, if one of those servers times out, the amount of time it's going to take to process is going to take so long. Also, it will not move on to the next computer in that serialized list until the first computer has completed its command. What we're doing here with sessions is we're running in parallel. We're doing this as
a fan-out operation. We're firing this command at both of those computers at the same time, and they're both processing at the same time and returning back to our machine underneath. Now, there is a slight flaw with this one. Even though it's much faster because we have parallel operations, it does mean that those computers may actually return things out of order. So if you're expecting the first computer to return the first result and the second computer to return the second result, that might not entirely be the case; they may come back in a slightly random order. But we can always organize that information later on, and we can use our filters and we can use our format lists and we can use our format tables to make all that information look pretty for us in the end.

So this kind of concludes a brief introduction into PowerShell remoting and the two major commands that you need to run in PowerShell to do remoting of other systems: Invoke-Command and PSSession. I hope you'll join me next time, because there's a lot more to learn about PowerShell remoting. It gets a heck of a lot more complicated when you take it out of the context of two machines and start to go from 2 to 20 to 30 to 40 to 50 to 100 to a thousand computers, or however many machines it is you need to send remote commands to or extract data from. And you know the routine: hashtag like and subscribe. I hope you enjoyed this video and will join me next time. Goodbye. [Music]
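
The session-based fan-out described in the transcript, written out as one script with cleanup and stable ordering of the results. This is an added example, not code shown in the video; DC and svr1 are the lab machine names from the transcript, and the variable names and the Spooler query are illustrative assumptions.

```powershell
# Added example, not from the video. DC and svr1 are the lab machines named in
# the transcript; variable names are illustrative.
$computers = 'DC', 'svr1'

# Prompt once. The password is held as a SecureString and never written into
# the script or the command history.
$creds = Get-Credential -Message 'Account allowed to remote into the targets'

# Open one session per computer. Hosts that cannot be reached produce errors
# that are collected in $failed instead of stopping the script.
$sessions = New-PSSession -ComputerName $computers -Credential $creds `
    -ErrorAction SilentlyContinue -ErrorVariable failed

try {
    if ($sessions) {
        # Fan out: the script block runs on every open session.
        $results = Invoke-Command -Session $sessions -ScriptBlock {
            Get-Service -Name Spooler | Select-Object Name, Status
        }

        # Results can arrive in any order. Remoting adds PSComputerName to each
        # returned object, so sort on it to get predictable output.
        $results |
            Sort-Object PSComputerName |
            Format-Table PSComputerName, Name, Status -AutoSize
    }

    # Report every target that never got a session.
    foreach ($err in $failed) {
        Write-Warning "No session opened: $($err.Exception.Message)"
    }
}
finally {
    # Close the sessions so no authenticated connections stay open after the
    # work is done.
    if ($sessions) { $sessions | Remove-PSSession }
}
```

Run it from the Windows 11 client; Get-PSSession afterwards should list nothing, confirming the sessions were closed.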
Info
Channel: Mike in the Cloud
Views: 10,690
Id: 1vUs_EO1AN4
Length: 17min 0sec (1020 seconds)
Published: Sun May 14 2023