Skip to main content

Enabling PowerShell Remoting and Remote Administration - Windows 2008 R2 Server Core

Enabling Powershell Remoting and Remote Administration - Windows 2008 R2 Server Core

Following on from my post Enable WinRM via Group Policy, there as some follow on tasks to ensure server core is manageable via powershell and server manager.

Add Firewall Rule
To start with, to allow GUI remote management of the event viewer, another firewall rule needs to be added :

Computer Configuration / Policies / Windows Settings / Security Settings / Windows Firewall with Advanced Security

Create an Inbound Rule allowing the predefined group 'Remote Event Log Management'


Install powershell and packs
Next, as server core is the only version of Windows Server 2008 R2 that does not install Powershell V2 by default, we need to install powershell and which ever cmdlet management pack we need. In this case I am only going to install the server manager and AD cmdlets.

Winrs -r:$dc.name Ocsetup MicrosoftWindowsPowerShell
Winrs -r:$dc.name Ocsetup ServerManager-PSH-Cmdlets
Winrs -r:$dc.name Ocsetup ActiveDirectory-PowerShell

Restart services
To complete the task, we need to stop and start the WinRM service to register the services now available. As we will be stopping the Winrm Service, we can use it to stop the service, but not to start it again. To get around this, I have used WMI to connect to the remote server.

$service = gwmi -Class Win32_Service -ComputerName $DC.name | where {$_.name -eq "winrm"}
stop service"
$service.StopService()
#let the service stop before trying to start in again
Start-sleep 2
"start service"
$service.StartService()

Finally, I have read in from a csv list of servers to process. Actually I ran a remote job with the script from this post and output the servers that failed and exported to csv:

$job.childjobs | where {$_.State -eq "Failed"} | Select location | Export-Csv dclist.csv -NoTypeInformation

The complete script

Foreach ($DC in $(Import-csv dclist.csv)){
   Winrs -r:$dc.location Ocsetup MicrosoftWindowsPowerShell
   Winrs -r:$dc.location Ocsetup ServerManager-PSH-Cmdlets
   Winrs -r:$dc.location Ocsetup ActiveDirectory-PowerShell
   $service = gwmi -Class Win32_Service -ComputerName $DC.location | where {$_.name -eq "winrm"}
   "stop service"
   $service.StopService()
   #let the service stop before trying to start in again
   Start-sleep 2
   "start service"
   $return = $service.StartService()
   #check the service has started, if not try again
   if ($return.returnvalue -ne 0){$service.StartService()}
}

After setting the GPO to enable winrm, adding the firewall rules to manage event logs remotely, ensuring the PowerShell componenets are installed and the service have been restarted, your server core installs should be easily managed remotely.

Comments

Popular posts from this blog

PowerShell 3 behavioural change

It's taken me way too long to get into PowerShell 3, I guess opportunity hasn't shown it's self until now and so, here, my V3 journey begins.

I was asked to debug a script that would run fine in PS v2 and not in v3.  The issue was a that a variable length was being checked and was failing in v3.  This is why...

In v2 if a variable is undefined, this test returns false

PS C:\windows\system32> $var.length -eq 0
False

In v3 the same test returns true....

PS C:\windows\system32> $var.length -eq 0
True

Not a biggie, but as in this case, a script has broken so something to consider!

cheers

Adam

Enable Powershell Remoting (WinRM) via Group Policy

I have been doing some testing on enabling WinRM via group policy, being that WinRM is the service that Powershell v2 sets up it remoting capabilities. Here are the GPO settings that you need to configure WinRM ....


set the winrm service to auto start


Computer Configuration \ Policies \ Windows Settings \ Security Settings \ System Services


Windows Remote Management (WS-Management)  set Startup Mode to Automatic

start the service


incorporated in to the above - you may need a restart.


create a winrm listener


Computer Configuration / Policies / Administrative Templates / Windows Components / Windows Remote Management (WinRM) / WinRM Service / Allow automatic configuration of listeners


IPv4 filter: *


* is listen on all addresses, or if you only want a particular IP address to respond use an iprange eg 10.1.1.1-10.1.1.254 - don't forget that this IP range has to be valid for all hosts that fall in the scope of the GPO you are creating.  You can use 10.1.1.1 - 10.1.1.254,10.1.1.3 - 10.1.4.254 …

compare-object in Powershell - comparing mulitple values

I'm starting to use compare-object more and more, and one thing I noticed, is that you can compare 2 objects based on multiple attributes. here is how it is constructed...
Compare-Object -ReferenceObject $object1 -DifferenceObject $object2 -Property a,b,c,d,eIf a,b,c and d are the same, but e is different, compare object will return a difference. In the following example, I use "-eq $null" as a check because by default compare-object returns $null if the objects are the same.
#create an array of objects to check against

$collection = @()
foreach ($entry in ("aaaaa","bbbbb","ccccc","ddddd")){
   $store = "" | select "a","b","c","d","e"
   $store.a = $entry*1
   $store.b = $entry*2
   $store.c = $entry*3
   $store.d = $entry*4
   $store.e = $entry*5
   $collection += $store
}

#create an object similar to those in the array
$object = "" | select "a","b…