0207 | The Power in the Shell | Remoting
- standards-based management --> WS-Management protocol --> WinRM (an implementation of that)
- WinRM is the service running underneath all that
- advantages:
- only one port (easy to add to firewall)
- secure port
- fast
- not simple http (all encrypted with kerberos) | can also add ssl (to be encrypted twice)
Enable Remoting
- already enabled since server 2012
- via ps | on each machine individually
enable-psremoting
- via gui | enable as a group policy
Computer Configuration/Policies/Administrative Templates/Windows Components/Windows Remote Management (WinRM)/WinRM Service
One-To-One | Establish a 1-to-1 Connection
enter-pssession -computername dc
# single session with server 2012
# Creates connections to Remote Desktop Session Host servers or other remote computers and edits an existing Remote Desktop Connection (.rdp) configuration file.
mstsc /v:dc
One-To-Many | Establish a 1-to-X Connection | Run a command
# with -ComputerName it's using ps-remoting
invoke-command -ComputerName dc,s1,s2 {get-eventlog -logname system -new 3}
# nicely formatted
invoke-command -Computername dc,s1,s2 {get-eventlog -logname system -new 3} | sort timewritten | format-table -property timewritten, message -autosize
# or restarting systems
invoke-command -ComputerName dc,s1,s2 {restart-computer}
# getting a service status
invoke-command -computername dc,s1,s2 {get-service -name bits}
# 1 - create a connection to that remote machine
#-- tcp connection -- powershell connection
Establishing the Remote Connection | Steps
- for a command like:
invoke-command -computername dc,s1,s2 {get-service -name bits}
- create a connection to that remote machine
- tcp connection
- fire up a powershell connection
- load .net
- load powershell
- take the code and send over the wire
- login (using your credentials)
- execute the code on the remote system
- get the resulting objects and serialize them
- move the serialized objects across the wire
- deserialize (reconstitute) the objects on the commanding machine
- emit the objects as if they had been produced on the commanding machine
Serialization
- take the object, transform it to something that can be moved around and reconstructed anywhere (like linux without .net)
- essentially the objects are turned into a bag of properties
- properties have names and values and the values have types
- the types are basic types, like 64bit int, strings...
- take the property bag, turn them into xml, move it over and reconstruct
Universal Code Execution
- example | 1
get-service -name bits
# will be run as
invoke-command {get-service -name bits}
- example | 2
# system.serviceprocess.servicecontroller
# live object, with methods and such
invoke-command {get-service -name bits} | gm
# deserialized.system.serviceprocess.servicecontroller
# almost all methods are gone
# you only have a representation of the object
invoke-command -comp s1 {get-service -name bits} | gm
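The round trip described under Serialization and shown in example 2 can be reproduced on a single machine with the PSSerializer class, which writes the same kind of XML property bag (CLIXML). This is an added example, not part of the original notes; the function name Test-RoundTrip is hypothetical and the current shell's process object is a constructed stand-in for a remote result.

```powershell
# Added example (not from the original notes): the remoting round trip, run locally.
# Assumption: the current shell's own process object stands in for a remote result.
function Test-RoundTrip {
    param(
        [Parameter(Mandatory)] $InputObject,
        [string] $MethodName = 'Kill'   # a method that exists on the live object
    )

    # Object -> property bag -> CLIXML text, then back again
    $xml  = [System.Management.Automation.PSSerializer]::Serialize($InputObject)
    $copy = [System.Management.Automation.PSSerializer]::Deserialize($xml)

    [pscustomobject]@{
        LiveType      = $InputObject.PSObject.TypeNames[0]
        CopyType      = $copy.PSObject.TypeNames[0]
        LiveHasMethod = [bool]$InputObject.PSObject.Methods[$MethodName]
        CopyHasMethod = [bool]$copy.PSObject.Methods[$MethodName]
        CopyMethods   = ($copy | Get-Member -MemberType Method).Name -join ', '
        Xml           = $xml
    }
}

$live   = Get-Process -Id $PID          # constructed sample input: this shell
$result = Test-RoundTrip -InputObject $live

# The type name gains the "Deserialized." prefix and the live methods are gone
$result | Format-List LiveType, CopyType, LiveHasMethod, CopyHasMethod, CopyMethods

# Properties travel as named, typed values (for example I32 = 32-bit int, S = string)
[regex]::Matches($result.Xml, '<(\w+) N="(Id|ProcessName|HandleCount)">[^<]*</\1>') |
    ForEach-Object { $_.Value }
```

Because the copy is data only, any action that needs a method has to run inside the script block on the remote side rather than on the returned object.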
Windows PowerShell Web Access
# install the web access feature
# it will install IIS, -gt .NETv4.5, on -gt server 2012
Install-WindowsFeature WindowsPowerShellWebAccess
# listing the cmd-lets in the module
# powershell web access
get-help *pswa*
# install the web application - https
# if you do not have a certificate for the web app, use -UseTestCertificate (expires in 90 days)
install-pswawebapplication -UseTestCertificate
# add authorizations/create roles -- what should happen
add-pswaauthorizationrule -username <domain\user |computer\user> -computername <computer> -configurationname adminsonly
# add authorizations -- ONLY FOR TESTING - UNSAFE - everybody can do anything to everything
add-pswaauthorizationrule * * *
Example | Get shares from the machines to determine the most free space for a new share
# icm is shorthand for invoke-command; the computer list is positional, so no -comp
icm dc,s1,s2 {get-volume} | sort sizeremaining
# given a huge number of results, select only the last 3
icm dc,s1,s2 {get-volume} | sort sizeremaining | select -last 3