Don’t know how to run Scripts on Remote Computers? We can help you.
PowerShell helps us to run commands remotely on one or more computers in our network.
As part of our Server Management Services, we assist our customers with several such queries.
Today, let us see how to run scripts on Remote Computers.
Run Scripts on Remote Computers
The Invoke-Command cmdlet uses remote management features from PowerShell Remoting.
PowerShell Remoting allows connecting remotely to PowerShell sessions on computers via WinRM service and WS-Management protocol.
In this article, our Support Techs show how to use the Invoke-Command cmdlet to run PowerShell commands remotely.
Configure WinRM for PowerShell Remoting
PowerShell Remoting uses HTTP or HTTPS to communicate between computers.
To begin, the remote computer we are going to connect to must be running WinRM.
To check the WinRM service status, we run:
Get-Service -Name "*WinRM*" | fl
If the service is not running, we start it:
Enable-PSRemoting
WinRM has been updated to receive requests. WinRM service started. WinRM is already set up for remote management on this computer.
This command starts the WinRM service, sets the default winrm settings, and adds exception rules to Windows Firewall.
Then we can connect to the computer remotely using PowerShell Remoting.
However, if the network type is Public, the command returns the following error:
Set-WSManQuickConfig : … WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again.
In such a case, we change the network location to Private or use the command:
Enable-PSRemoting -SkipNetworkProfileCheck
Also, enable the Windows Defender Firewall rule that allows access to WinRM in public networks:
Set-NetFirewallRule -Name 'WINRM-HTTP-In-TCP' -RemoteAddress Any
In order to test the connection to a remote computer via PowerShell Remoting, we run:
Test-WsMan compname1
If we do not have an Active Directory domain, we use the NTLM protocol for authentication.
When using NTLM, if we try to run Invoke-Command we may come across the error:
PS C:\> Invoke-Command -ComputerName 192.168.1.201 -ScriptBlock {get-services}
[192.168.1.201] Connecting to remote server 192.168.1.102 failed with the following error message: The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated.
+ FullyQualifiedErrorId: CannotUseIPAddress,PSSessionStateBroken
To make NTLM authentication work with the computer we connect to, we need to issue an SSL certificate or add its hostname/IP address to the trusted hosts list:
Set-Item wsman:\localhost\Client\TrustedHosts -value 192.168.1.201
Or we can allow connections to all computers. As the error message above notes, computers in the TrustedHosts list might not be authenticated:
Set-Item wsman:\localhost\Client\TrustedHosts -value *
We must apply the same settings to remote hosts.
To display the list of trusted hosts, we run:
Get-Item WSMan:\localhost\Client\TrustedHosts
Finally, to apply the changes, restart WinRM:
Restart-Service WinRM
We can also enable and configure WinRM using Group Policies.
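A read-only check of the settings this section changes (TrustedHosts, the WinRM listeners, the WINRM-HTTP-In-TCP firewall rule and the network profile), added here as an example that is not part of the original article. The function name Get-WinRMExposureReport is hypothetical.

```powershell
# Added example (not from the original article): read-only audit of the
# WinRM settings discussed above. Run it in an elevated PowerShell session
# with the WinRM service running, since the WSMan: drive depends on it.
function Get-WinRMExposureReport {   # hypothetical helper name
    $findings = [System.Collections.Generic.List[string]]::new()

    # Client side: every TrustedHosts entry is a host whose identity is not verified.
    $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    if ($trusted -eq '*') {
        $findings.Add('TrustedHosts is *: no remote host is authenticated')
    } elseif ($trusted) {
        $findings.Add("TrustedHosts entries are not authenticated: $trusted")
    }

    # Service side: is there an HTTPS listener, or only HTTP?
    $listeners = @(Get-ChildItem WSMan:\localhost\Listener)
    if (-not ($listeners | Where-Object { $_.Keys -like 'Transport=HTTPS' })) {
        $findings.Add('No HTTPS listener: connections by IP address need TrustedHosts')
    }

    # Firewall: the rule edited above, and which source addresses it accepts.
    $rule = Get-NetFirewallRule -Name 'WINRM-HTTP-In-TCP' -ErrorAction SilentlyContinue
    if ($rule -and $rule.Enabled -eq 'True') {
        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') {
            $findings.Add('WINRM-HTTP-In-TCP accepts connections from any address')
        }
    }

    # Network profile: Public is the case that needed -SkipNetworkProfileCheck.
    $public = @(Get-NetConnectionProfile | Where-Object NetworkCategory -eq 'Public')
    foreach ($p in $public) {
        $findings.Add("Interface '$($p.InterfaceAlias)' is on a Public network")
    }

    $findings
}

Get-WinRMExposureReport
```

An empty result means none of the four conditions was found on this machine.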
Run PowerShell Commands Remotely Using Invoke-Command
The Invoke-Command cmdlet allows us to run a command on more than one remote computer.
For example, to run a single command on a remote computer, use:
Invoke-Command -ComputerName dc01 -ScriptBlock {$PSVersionTable.PSVersion}
This command will display the PowerShell version on the remote computer. Enter the command to be run on a remote computer in the -ScriptBlock {[cmdlet]} block.
By default, a command sent via Invoke-Command executes as the current user on a remote computer. To run it as another user, request the user credentials and save them to a variable:
$cred = Get-Credential
Invoke-Command -ComputerName dc01 -Credential $cred -ScriptBlock {Get-NetAdapter}
This displays the list of network interfaces on a remote computer.
We can enter more than one command in the ScriptBlock. For example, the following command displays the current time zone and changes it to another one:
Invoke-Command -ComputerName dc01 -ScriptBlock {Get-TimeZone | select DisplayName; Set-TimeZone -Name "Central Europe Standard Time"}
Invoke-Command can run not only individual commands but also PowerShell scripts. To do so, use the -FilePath argument instead of -ScriptBlock.
In this case, we specify the path to the local PS1 script file on the computer:
Invoke-Command -ComputerName DC01 -FilePath C:\PS\Scripts\CheckSMBversion.ps1
Use Invoke-Command to Run Commands on Multiple Computers
We can use the Invoke-Command to run commands on multiple remote computers simultaneously.
In the simplest case, list the computers on which to run the PowerShell commands, separated by commas:
Invoke-Command server1, server2, server3 -ScriptBlock {get-date}
We can place the list of computers into a variable:
$servers = @("server1","server2","server3")
Invoke-Command -ScriptBlock { get-date} -ComputerName $servers
Or get from a text file:
Invoke-Command -ScriptBlock {Restart-Service spooler} -ComputerName (Get-Content c:\ps\servers.txt)
In addition, we can get a list of computers in AD using the Get-ADComputer cmdlet from the Active Directory PowerShell module.
To run a command in all Windows Server hosts in the domain, use the following PowerShell code:
$computers = (Get-ADComputer -Filter 'OperatingSystem -like "*Windows server*" -and Enabled -eq "true"').Name
Invoke-Command -ComputerName $computers -ScriptBlock {Get-Date} -ErrorAction SilentlyContinue
If a computer is off or unavailable, the script will not stop, because -ErrorAction SilentlyContinue is set, and will continue to run on the other computers.
To see which computer a result came from, use the PSComputerName property of the returned objects.
$results = Invoke-Command server1, server2, server3 -ScriptBlock {get-date}
$results | Select-Object PSComputerName, DateTime
Invoke-Command runs on multiple computers simultaneously. It has a limit on the maximum number of computers it manages at the same time (the default value is 32).
If we want to run a command on more than 32 computers (128, for example), we can use -ThrottleLimit 128.
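With -ErrorAction SilentlyContinue alone, unreachable hosts simply vanish from the output. The following added example (not part of the original article) keeps the errors in a variable and builds one row per target; the server names are the article's placeholders, and matching errors through TargetObject assumes that connection failures carry the computer name there.

```powershell
# Added example (not from the original article). Server names are placeholders.
$servers = @('server1', 'server2', 'server3')

# Splat the parameters: errors stay off the console but are kept in $remoteErrors.
$params = @{
    ComputerName  = $servers
    ScriptBlock   = { Get-Date }
    ThrottleLimit = 32                    # the default value, shown for clarity
    ErrorAction   = 'SilentlyContinue'
    ErrorVariable = 'remoteErrors'
}
$results = Invoke-Command @params

# One row per target, so a host that returned nothing is still visible.
$report = foreach ($s in $servers) {
    $r = $results | Where-Object PSComputerName -eq $s | Select-Object -First 1
    # Assumption: for connection failures the error record's TargetObject
    # holds the computer name that could not be reached.
    $e = $remoteErrors | Where-Object { $_.TargetObject -eq $s } |
        Select-Object -First 1
    [pscustomobject]@{
        ComputerName = $s
        Responded    = [bool]$r
        Result       = if ($r) { $r.DateTime } else { $null }
        Error        = if ($e) { $e.Exception.Message } else { $null }
    }
}

$report | Format-Table -AutoSize -Wrap

# Hosts to follow up on (powered off, WinRM not configured, access denied ...).
$report | Where-Object { -not $_.Responded } |
    Select-Object -ExpandProperty ComputerName
```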
Conclusion
In short, our Support Techs have shown us how to run scripts on remote computers.