The Strength of PowerShell

Running Commands on Remote Computers

With PowerShell, you can run commands on remote computers, provided those commands produce non-interactive output to the screen. For example, if you want to see a quick NETSTAT on a system, you can do so by issuing the command:

PS C:\Users\khess> Invoke-Command { netstat } -ComputerName XENAPP0

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.91:445       KEN:34268              ESTABLISHED
  TCP    192.168.1.91:5985      KEN:34534              ESTABLISHED
  TCP    192.168.1.91:5985      KEN:34535              ESTABLISHED

Or, check the TCP/IP configuration:

PS C:\Users\khess> Invoke-Command { ipconfig /all } -ComputerName XENAPP0

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XENAPP0
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection 4:

   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Citrix PV Ethernet Adapter
   Physical Address. . . . . . . . . : 5A-65-68-CB-55-BA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.91(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 13, 2012 10:55:02 AM
   Lease Expires . . . . . . . . . . : Monday, April 23, 2012 10:55:02 AM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

If you try launching a CMD window using this method, you’ll understand what happens when you attempt to run an interactive application.

PS C:\> Invoke-Command { cmd } -ComputerName XENAPP0
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\khess\Documents>   <--Remote system directory.

C:\>   <--Local system prompt.

CMD did launch on the remote system, but it died there, and you received only the screen output from that launch.

If you’re familiar with the PsTools suite, now owned by Microsoft, the PsExec command performs a function similar to these PowerShell commands: you launch a command on a remote system in a non-interactive way; you send the command, and you receive a response. There is a way to carry on an interactive PowerShell session, but that’s the topic of a future post.
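Because Invoke-Command hands back the remote netstat output as plain text, it can be parsed into objects to see which peers hold SMB (445) and WinRM (5985/5986) sessions on a host. The following is an added example, not code from the original article; the function names ConvertFrom-NetstatText and Get-ManagementSession and the port-to-service map are assumptions chosen for illustration, and the sample input is constructed from the netstat output shown earlier.

```powershell
# Added example: parse netstat text into objects and summarize sessions
# on remote-management ports. Function names are illustrative assumptions.

# Constructed sample: the netstat lines shown in the article.
$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.91:445       KEN:34268              ESTABLISHED
  TCP    192.168.1.91:5985      KEN:34534              ESTABLISHED
  TCP    192.168.1.91:5985      KEN:34535              ESTABLISHED
'@ -split "`r?`n"

# 445 = SMB, 5985/5986 = WinRM over HTTP/HTTPS (default ports)
$ManagementPorts = @{ 445 = 'SMB'; 5985 = 'WinRM-HTTP'; 5986 = 'WinRM-HTTPS' }

function ConvertFrom-NetstatText {
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    process {
        # Data rows only; headers and blank lines do not match.
        if ($Line -match '^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$') {
            $port = [int]$Matches[3]
            [pscustomobject]@{
                Proto      = $Matches[1]
                LocalAddr  = $Matches[2]
                LocalPort  = $port
                RemoteHost = $Matches[4]
                State      = $Matches[6]
                Service    = $ManagementPorts[$port]  # $null for other ports
            }
        }
    }
}

function Get-ManagementSession {
    param([string[]]$NetstatOutput)
    # Keep established sessions on management ports, counted per peer and service.
    $NetstatOutput | ConvertFrom-NetstatText |
        Where-Object { $_.Service -and $_.State -eq 'ESTABLISHED' } |
        Group-Object RemoteHost, Service |
        ForEach-Object {
            [pscustomobject]@{
                RemoteHost = $_.Group[0].RemoteHost
                Service    = $_.Group[0].Service
                Sessions   = $_.Count
            }
        }
}

Get-ManagementSession -NetstatOutput $sample
# Live host (numeric output keeps ports as numbers):
# Get-ManagementSession (Invoke-Command { netstat -n } -ComputerName XENAPP0)
```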

I hope that you can see the potential for PowerShell in your environment. Be aware that systems in a domain act differently from those in a standalone environment. Administrators might have to make domain-wide policy changes to allow remote management on systems. PowerShell and remote management are System Administrator tools and aren’t necessarily inherent security risks, but you might have a difficult time ahead of you when you plead your case to your Security team.

Normal users (those without Local Administrator or Domain Administrator privileges) can’t run these commands. PowerShell has security checks built into it so that non-Administrator staff can’t issue system-changing commands and wreak havoc in your environment. Keep practicing, and next time, I’ll look at gathering information from multiple systems.
