Attempting to run Powershell on Remote Computer - Errors - powershell

I want to access another Windows device on my local network and run PowerShell commands. In my mind, it would be similar to SSH into a Linux box. I would have an open window on my machine, but would be operating within the remote machine so that I can execute composer install or php artisan migrate type commands on the remote machine.
I have followed the instructions from:
https://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/
I am attempting to use
Enter-PSSession -ComputerName <RemoteComputerName> -Credential <RemoteUser>
When I run the command, I get a popup with the username populated and asking for a password. I have entered my MS password for the account. (I have changed the password from within Windows to ensure they are synced)
And I get the following error:
Enter-PSSession : Connecting to remote server <REMOTECOMPUTER> failed with the following error message : The WinRM client
cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not
joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts
configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not
be authenticated. You can get more information about that by running the following command: winrm help config. For
more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName <REMOTECOMPUTER> -Credential <USER>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (<REMOTECOMPUTER>:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
I can't seem to figure out how to do this. And, maybe more importantly, is there a better way/utility to accomplish my goal? The remote computer is hosting WAMP and I just want to be able to execute development commands remotely so I can move the RemoteComputer into the basement and not have to spin my chair around to type on it.
TIA
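The error text above names two ways out for a non-domain client: HTTPS transport or a TrustedHosts entry. The following is an added example, not part of the original post, of the TrustedHosts route scoped to one machine; `BASEMENT-PC` and the project path are placeholders.

```powershell
# Added example. Placeholder names: BASEMENT-PC, C:\wamp64\www\myapp.
$remote = 'BASEMENT-PC'

# On the REMOTE machine, once, from an elevated prompt:
#   Enable-PSRemoting -Force

# On the CLIENT, from an elevated prompt: inspect the list before changing it.
$current = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
"TrustedHosts before: '$current'"

# Add only this host. -Concatenate appends rather than overwrites.
# A value of '*' would skip the server identity check for every destination.
if (($current -split ',') -notcontains $remote) {
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value $remote -Concatenate -Force
}
"TrustedHosts after:  '$((Get-Item WSMan:\localhost\Client\TrustedHosts).Value)'"

# Confirm the WinRM listener answers before trying to authenticate.
Test-WSMan -ComputerName $remote

# Prompt once and reuse the credential object.
$cred = Get-Credential

# One-off development command without an interactive session.
Invoke-Command -ComputerName $remote -Credential $cred -ScriptBlock {
    Set-Location 'C:\wamp64\www\myapp'   # placeholder project path
    php artisan migrate
}

# Interactive shell, comparable to an SSH login.
Enter-PSSession -ComputerName $remote -Credential $cred
```

As the error message itself notes, a TrustedHosts entry does not authenticate the server; where that matters, configure an HTTPS listener on the remote machine and connect with `-UseSSL` instead.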

Related

Why do I get a "Get-WindowSize" not implemented error when using the PowerShell call Get-Service on a remote machine?

I have a Windows 10 host machine that connects to a Hyper-V Windows 10 VM hosted on the same box.
I've been following along the Pluralsight PowerShell tutorial.
I'm trying to get the services available on a remote computer.
I can start a session on the remote computer with the following command:
Enter-PSSession -ComputerName Client1 -Credential username
Once the session has started and I am connected, I attempt to call Get-Service to identify the services on the client computer.
[Client1]: PS C:\Users\username\Documents>Get-Service
When I run the above command, I get the following error message:
Remote host method get_WindowSize is not implemented.
+ CategoryInfo : ResourceUnavailable: (:) [out-lineoutput], PSRemotingDataStructureException
+ FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException,Microsoft.PowerShell.Commands.OutLineOutputCommand
I am running the same version of PowerShell on the host and client machines (5.1.18362.145).
I assume that somehow this is an issue on the client machine?
[Client1]: PS C:\Users\username\Documents>Get-Service | out-string
That should work, maybe a bug with PowerShell or new version of Windows 10
Other link : https://social.technet.microsoft.com/Forums/en-US/67142783-2acd-4d54-aef2-8d89d71457c5/powershell-remoting-broken-in-windows-10-1903?forum=winserverTS
"Remote host method get_WindowSize is not implemented."
This happens to all Remoting Sessions started With Powershell_ISE on the Client-Side.
The workaround with Out-String sucks, it destroys the Result-Object of that call.
Best fix so far is either not using ISE or embedding your remote procedure in a script and calling it with Powershell.exe
Really annoying...and not fixed by now.
Workaround Example: Instead of using enter-pssession and then asking for a result of running services, you could use: $YourServices=Invoke-command -ComputerName <computername> -ScriptBlock {get-service}. Then you have all Service-Stats in your Object $YourServices.

Unable to contact server when I SSH into Powershell using an RSA key

I am working on a script that logs into a VM connected to my AD to perform some administrative functions. The script will be triggered by an application running on a Linux host. I've installed PowerShell Core and the Windows-Compatibility PowerShell module to allow me to log in via SSH. I can log in successfully and run my script if I use a password, but if I log in using an RSA key, I get this error when I import AD:
Unable to contact the server. This may be because this server does not
exist, it is currently down, or it does not have the Active Directory
Web Services running.
CategoryInfo : ResourceUnavailable: (:) [Get-ADComputer], ADServerDownException
FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
PSComputerName : localhost
The script on the Linux host looks something like this:
#!/bin/bash
ssh ad\\ad-user@windows-host-ip \
-o IdentitiesOnly=yes \
-i ./id_rsa \
"C:\\pwsh\\pwsh.exe -c C:\Users\ad-user\Scripts\ad-management-script.ps1"
And the ad-management-script.ps1 looks something like this:
Import-WinModule ActiveDirectory
Get-ADUser -Identity ad-user
Like I said before: This runs perfectly if I leave the key off and enter a password, but it hits the error I mentioned above if I use the key.
Other notes: Regardless of which method I use to log in, I get these values from the $env:
> $env:username
ad-user
> $env:userdomain
ad
Thanks in advance for any guidance.
After some brief googling, it looks like people are getting similar issues with the ActiveDirectory module while remoting to a Windows machine. Not sure the suggested workarounds are applicable to your case, though. However, there are alternatives to using this module. Try the options below and see if any of them work.
1. In Powershell (not core):
$user = "someuser"
$searchByUser = "(&(objectCategory=person)(objectClass=organizationalPerson)(samaccountname=$user))"
([adsisearcher]$searchByUser).FindOne().Properties
2. DSQUERY (In CMD, no need for powershell)
dsquery * -filter "samaccountname=someuser"
3. NET (in CMD)
net user SOMEUSER /domain
This is known as the double hop problem. We cannot use the keys that are used for authentication to the remote VM to authenticate to the AD server too. There are multiple options which you can use; here is the guide:
https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/ps-remoting-second-hop?view=powershell-7.2

Run .ps1 file on powershell: IP address connection

I am new to PowerShell and trying to run a .ps1 file but am getting the following error.
Any help would be much appreciated!
[IP ADDRESS] Connecting to remote server [IP ADDRESS] failed with the following error message : The WinRM
cannot process the request. Default authentication may be used with an IP address under the following conditio
transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use
winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated.
information on how to set TrustedHosts run the following command: winrm help config. For more information, see
about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: ([IP ADDRESS]:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : CannotUseIPAddress,PSSessionStateBroken
PS C:\windows\system32> winrm help config
Your code looks like it requires you to update line 8 with actual computer names. The WinRM error is likely coming from the net use or Copy-Item cmdlets.
I would highly recommend being careful when running arbitrary powershell scripts from the internet. You should break down what each line is doing and understand before executing.

How to Specify the Password to repadmin.exe via Remote PowerShell Session

I have some issues with repadmin.exe utility
I have the following setup:
Windows Server 2012R2 with ADDS installed running inside of VMWare VM
Windows 8.1 Pro (host for VMware, my home desktop). My host is NOT a part of the domain
I do the following:
Open PowerShell ISE on my Windows 8.1 and establish remote connection to my DC (PowerShell ISE -> File -> New Remote PowerShell Tab)
Once I'm connected remotely to DC I run the following command
repadmin.exe /syncall
and get the following error:
CALLBACK MESSAGE: Error contacting server ad864315-1f78-4266-a7c2-2d6f9cde2f15._msdcs.arvo.local (network error): 5 (0x5):
Access is denied.
CALLBACK MESSAGE: Error contacting server a5904e4b-dff2-4b75-b856-45593a48d84e._msdcs.arvo.local (network error): 5 (0x5):
Access is denied.
SyncAll exited with fatal Win32 error: 8440 (0x20f8):
The naming context specified for this replication operation is invalid.
I found here http://technet.microsoft.com/de-de/library/cc811552%28v=ws.10%29.aspx that it is possible to specify username and password for repadmin using /u: and /pw: keys. Besides, it is possible to pass the password using 2 methods - either specify it explicitly in command line or put * (asterisk) and I will be prompted to enter the password. The second option is preferable.
So I can do it either this way (specify the password in command line):
repadmin.exe /u:domain_name\user_name /pw:p#ssw0rd /syncall
or use asterisks and enter password after this command:
repadmin.exe /u:domain_name\user_name /pw:* /syncall
Asterisks works locally in PowerShell on the server, but if I run it using Remote PowerShell Session, I get the following error:
repadmin : Password: Failed to query the console mode.
+ CategoryInfo : NotSpecified: (Password: Faile...e console mode.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Is there any workaround? I would not specify the password clearly in command line as it is not secure.
Thanks!
You might try something like this inside the remote PowerShell session:
$MyCreds = Get-Credential
Start-Process -FilePath repadmin.exe -ArgumentList "/syncall" -Credential $MyCreds
That way, you could leverage the security of PowerShell's credential management and just run the process under an account that has access to perform the replication.

Powershell - Invoke command access denied while not running under domain admin account

I'm using a script to create a folder on a remote server which is a file server and an RODC.
When I run the script from a domain admin user the command completes successfully. When I run it with an account that is in the group that can administer the RODC I get an access denied.
$remotefolder = [scriptblock]::create("New-Item -Path d:\testfolder -type directory -Force ")
Invoke-Command -ComputerName server1 -ScriptBlock $remotefolder
I get this error:
[server1] Connecting to remote server server1 failed with the following error message : Access is denied.
For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (server1:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken
As it's an RODC there are no local groups that I can add my users to that need to run this script.
Does anybody know how I can stop getting this access denied?
Update 12/12:
I tried the same script block on a domain member server only and I don't get the access denied message, the folder is created as it should. Any thoughts on how I can get this script block running on an RODC without using a Domain admin user?
You should probably read up on PSSessionConfiguration before you do this, so you understand the implications, starting with
help about_Session_Configurations
First, create a domain group called 'RODC PowerShell Users'. Put yourself in it, wait for replication, log off and on again. Check that you're in this group.
Second, from an elevated shell on the RODC, run this:
Set-PSSessionConfiguration microsoft.powershell -ShowSecurityDescriptorUI
(After the first time, you'll probably want to use -Force but it's useful to see what it's doing.) Hit Y when asked to confirm.
After a few seconds it will display the Permissions UI for http://schemas.microsoft.com/powershell/microsoft.powershell
Click Add, enter your group name in the dialog that appears, and click OK.
In the "Permissions for RODC PowerShell Remoting Access" box, start with Read and Execute. (You may need Write or Full Control, depending on what you want to do.)
Click OK.
Then enter Y in the PowerShell window to confirm you want to restart WinRM.
From your remote box, assuming you've already set up remoting on the RODC, you should now be able to run:
Invoke-Command -ComputerName server1 { $env:computername }
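The steps above change who may connect to the default endpoint, so it is worth confirming afterwards what the ACL now grants. The following is an added example, not part of the original answer, that lists the access entries of every session configuration on the RODC; the domain prefix `CONTOSO` is a placeholder, the group name is the one from the steps above.

```powershell
# Added example. Run from an elevated prompt on the RODC.
# 'CONTOSO' is a placeholder domain; the group name is taken from the answer.
$group = 'CONTOSO\RODC PowerShell Users'

# Permission is a comma-separated string, for example:
#   "BUILTIN\Administrators AccessAllowed, CONTOSO\RODC PowerShell Users AccessAllowed"
$report = foreach ($cfg in Get-PSSessionConfiguration) {
    foreach ($entry in ($cfg.Permission -split ',\s*')) {
        if ($entry -match '^(?<Identity>.+)\s+(?<Access>AccessAllowed|AccessDenied)$') {
            [pscustomobject]@{
                Endpoint = $cfg.Name
                Identity = $Matches.Identity
                Access   = $Matches.Access
            }
        }
    }
}

# Full picture: every endpoint and every identity that can reach it.
$report | Sort-Object Endpoint, Identity | Format-Table -AutoSize

# The new group should appear on microsoft.powershell and on no endpoint
# where it was not intended.
$report | Where-Object Identity -eq $group | Format-Table -AutoSize

# Anything beyond the built-in administrators is a delegation worth reviewing.
$report |
    Where-Object { $_.Access -eq 'AccessAllowed' -and
                   $_.Identity -ne 'BUILTIN\Administrators' } |
    Format-Table -AutoSize

# From the client, after logging off and on: confirm the group is in the token.
#   whoami /groups | Select-String 'RODC PowerShell Users'
```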