Remote PowerShell over HTTPS - no more hassle

Stop messing with this mess, and set it up right once and for all:

PowerShell remoting is a no-brainer on domain-joined computers.

However, things get a little harder when configuring it over HTTPS without a domain.

I know people often struggle with CAs and the old WinRM command-line application, taking shortcuts by disabling cert checks etc.

My take on this is to use only PowerShell: read this script and make your changes. Run one line at a time and check the outcome as described. You are welcome, my friend 😊

Powershell remote using WinRM and HTTPS

				
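#On the server: create a self-signed certificate for this computer name
$HostName = $env:COMPUTERNAME
$serverCert = New-SelfSignedCertificate -DnsName "$HostName" -CertStoreLocation Cert:\LocalMachine\My
#Show the certificate (note the thumbprint)
$serverCert

#Export the public certificate so the client can import it later
Export-Certificate -Cert $serverCert -FilePath C:\share\PsRemoting-Cert.cer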

#open Windows Firewall port 5986
New-NetFirewallRule -Displayname 'WinRM - Powershell remoting HTTPS-In' -Name 'WinRM - Powershell remoting HTTPS-In' -Profile Any -LocalPort 5986 -Protocol TCP

#Delete all old listeners:
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse


#Create a new listener with previously created SSL certificate. 
New-Item -Path WSMan:\localhost\Listener\ -Transport HTTPS -Address * -CertificateThumbPrint $serverCert.Thumbprint -Force

#enable PSremoting service
Enable-PSRemoting -Force

#check listener:
Get-ChildItem wsman:\localhost\Listener

Restart-Service WinRM

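#Test the connection from the client. -SkipCACheck is only for this first test,
#before the certificate has been imported on the client (next step):
$sessionOptions = New-PSSessionOption -SkipCACheck
Enter-PSSession -ComputerName srv01 -UseSSL -SessionOption $sessionOptions


#Import the exported certificate on the client (run elevated):
Import-Certificate -FilePath \\Srv01\share\PsRemoting-Cert.cer -CertStoreLocation Cert:\LocalMachine\root\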


#Use your remote powershell from client to server and be forever happy:
enter-pssession srv01 -usessl -Credential administrator
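
The "check listener" step above, scripted as an added example (not part of the original post; `Test-WinRMListenerConfig` is a hypothetical helper name). It matters because `Enable-PSRemoting` runs the WinRM quick configuration, which creates a plain HTTP listener, and because `New-SelfSignedCertificate` issues a one-year certificate unless `-NotAfter` is given.

```powershell
# Added example: run elevated on the server after the setup above.
# Test-WinRMListenerConfig is a hypothetical helper, not a built-in cmdlet.
function Test-WinRMListenerConfig {
    param(
        [string]$HostName = $env:COMPUTERNAME,
        # Reads the live listener configuration by default.
        [object[]]$Listener = (Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate)
    )
    foreach ($l in $Listener) {
        $status = 'OK'
        $detail = ''
        if ($l.Transport -ne 'HTTPS') {
            # A listener that is not HTTPS is outside what this setup intends.
            $status = 'WARN'
            $detail = 'Non-HTTPS listener present; remove it if only HTTPS is intended'
        }
        else {
            # Resolve the thumbprint bound to the listener to a real certificate.
            $thumb = "$($l.CertificateThumbprint)" -replace '\s', ''
            $cert = Get-ChildItem Cert:\LocalMachine\My |
                Where-Object { $_.Thumbprint -eq $thumb }
            if (-not $cert) {
                $status = 'FAIL'; $detail = 'Listener certificate not in LocalMachine\My'
            }
            elseif (-not $cert.HasPrivateKey) {
                $status = 'FAIL'; $detail = 'Certificate has no private key on this machine'
            }
            elseif ($cert.NotAfter -lt (Get-Date)) {
                $status = 'FAIL'; $detail = "Certificate expired $($cert.NotAfter)"
            }
            elseif ($cert.DnsNameList.Unicode -notcontains $HostName) {
                $status = 'WARN'; $detail = "Certificate has no DNS name '$HostName'"
            }
        }
        [pscustomobject]@{
            Transport = $l.Transport
            Port      = $l.Port
            Address   = $l.Address
            Status    = $status
            Detail    = $detail
        }
    }
}

Test-WinRMListenerConfig | Format-Table -AutoSize
```

The name the client types after `-ComputerName` must match a DNS name in the certificate, so pass `-HostName` if clients use something other than the computer name.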
				
			

Powershell Remote over SSH

Did you know that you can also connect to PowerShell over SSH?
And did you know that you can invoke PowerShell commands on hundreds of computers simultaneously, and they will do the work?

Well, it’s in the name: it’s powerful!
The above solution uses WinRM, which is a Windows-only solution.

I’ll show how you can configure PowerShell over SSH to an Ubuntu machine (but you can also do it on Windows and disable WinRM altogether).

Considerations: Powershell 7 (not 5)

 

				
					#First Install Powershell 7 on the Ubuntu machine
#https://learn.microsoft.com/en-us/powershell/scripting/install/install-ubuntu?view=powershell-7.3
#the steps

###################################
# Prerequisites

# Update the list of packages
sudo apt-get update

# Install pre-requisite packages.
sudo apt-get install -y wget apt-transport-https software-properties-common

# Get the version of Ubuntu
source /etc/os-release

# Download the Microsoft repository keys
wget -q https://packages.microsoft.com/config/ubuntu/$VERSION_ID/packages-microsoft-prod.deb

# Register the Microsoft repository keys
sudo dpkg -i packages-microsoft-prod.deb

# Delete the Microsoft repository keys file
rm packages-microsoft-prod.deb

# Update the list of packages after we added packages.microsoft.com
sudo apt-get update

###################################
# Install PowerShell
sudo apt-get install -y powershell

# Start PowerShell
pwsh
				
			
				
					#install the module
Install-Module -Name Microsoft.PowerShell.RemotingTools
#Import the module
Import-module Microsoft.Powershell.RemotingTools
				
			
				
#Enable SSH Remoting
Enable-SSHRemoting
 
#Restart the SSHD service
sudo systemctl restart ssh.service
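
A check for the step above, as an added example that is not part of the original post: it reads the effective sshd configuration (`sshd -T`) and confirms that a `powershell` subsystem, the name SSH remoting requests by default, is registered and starts `pwsh` in SSH server mode (`-sshs`). `Test-PwshSshSubsystem` is a hypothetical helper name and the sample lines are constructed.

```powershell
# Added example: run inside pwsh on the Ubuntu host.
# Test-PwshSshSubsystem is a hypothetical helper, not part of RemotingTools.
function Test-PwshSshSubsystem {
    param(
        # Effective configuration as printed by "sshd -T" (keywords are lower-case).
        [string[]]$EffectiveConfig = (sudo sshd -T)
    )
    $settings = @{}
    $subsystems = @{}
    foreach ($line in $EffectiveConfig) {
        $parts = $line.Trim() -split '\s+', 2
        if ($parts.Count -lt 2) { continue }
        if ($parts[0] -eq 'subsystem') {
            # "subsystem <name> <command line>"
            $name, $commandLine = $parts[1] -split '\s+', 2
            $subsystems[$name] = $commandLine
        }
        else {
            $settings[$parts[0]] = $parts[1]
        }
    }
    $pwshCommand = $subsystems['powershell']
    $binary = if ($pwshCommand) { ($pwshCommand -split '\s+')[0] } else { $null }
    [pscustomobject]@{
        SubsystemPresent       = [bool]$pwshCommand
        SubsystemCommand       = $pwshCommand
        UsesSshServerMode      = [bool]($pwshCommand -match '(^|\s)-sshs(\s|$)')
        BinaryExists           = [bool]($binary -and (Test-Path -LiteralPath $binary))
        PasswordAuthentication = $settings['passwordauthentication']
        PubkeyAuthentication   = $settings['pubkeyauthentication']
    }
}

# Constructed sample of "sshd -T" output, for a dry run without calling sshd:
$sample = @(
    'passwordauthentication no'
    'pubkeyauthentication yes'
    'subsystem sftp /usr/lib/openssh/sftp-server'
    'subsystem powershell /usr/bin/pwsh -sshs -NoLogo'
)
Test-PwshSshSubsystem -EffectiveConfig $sample

# Live check on the host (uses sudo to read the effective configuration):
# Test-PwshSshSubsystem
```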
				
			

And you’re done! You can enter PowerShell over SSH from your client with the following command:

				
#SSH remoting takes -UserName (or user@host in -HostName); -Credential belongs to the WinRM parameter sets
Enter-PSSession -HostName xxx -UserName username
#or if you are using cert for SSH you just do:
Enter-PSSession -HostName xxx

#PROtip1, you can also save your session in a variable:
$session3 = New-PSSession -HostName Ubuntu

#PROtip2, you can do implicit remoting, that means importing a remote module like this:
Import-PSSession -Session $session3 -Module activedirectory -Prefix rem
#you can then run your command like "get-remaduser" etc.

#this is the real power of PowerShell, in fact implicit remoting is what you are using when you are connecting to
#Azure or 365



				
			

I want to point out that there is a fine distinction between the -HostName parameter, which triggers an SSH connection, and the -ComputerName parameter, which triggers a WinRM connection.

This is your implicit remote PowerShell module, which runs directly on the remote machine when you call the cmdlets.
