Let's see how to connect to the various Windows PCs on the local network from a single workstation that will act as an administration console.
Windows offers everything you need to check the status of PCs connected to the local network through the PowerShell window.
How to Manage PCs on the Local Network with PowerShell
The systems do not need to be joined to the same domain and managed through Active Directory: remote management of PCs connected to the LAN can also be used on machines belonging to the same workgroup.
In this way, using your personal console, you will be able to check the configuration of the other PCs and the installed updates, change their operating parameters, run scripts, arrange for a restart and much more.
Before trying your hand at the systems you use in production, we suggest carrying out some tests using virtual machines connected to the local network as if they were physical systems (network adapter set to bridged mode, in the case of the virtual network interface of a VirtualBox virtual machine).
Managing the PCs in the local network remotely using only PowerShell is, all in all, quite a simple procedure, but it is important to pay the utmost attention to each step.
Server configuration
We call servers the machines you want to configure via PowerShell: they can be Windows Server systems but also Windows 7, Windows 8.1 and Windows 10. With the term "server" we therefore simply refer to the machines that have to share their resources (they can also be simple workstations).
To allow other PCs connected to the local network to connect to the Windows machine, simply type powershell in the search box of the operating system, right-click the Windows PowerShell item, then select Run as administrator.
At this point, in the PowerShell window, you will need to type the following:
Enable-PSRemoting -Force
PowerShell will thus activate an HTTP server on the machine (in a future article we will see how to protect the traffic using HTTPS) and configure the appropriate rules in Windows Firewall to accept incoming connections.
By default, the Windows firewall is configured to accept connection requests only on network interfaces configured as private or within a domain.
By typing Windows Firewall with Advanced Security in the operating system search box and then selecting Inbound Rules, you will find the Windows Remote Management (HTTP-In) rules just enabled by PowerShell.
Client configuration
At this point the system administrator can use another Windows machine also connected to the local network to manage the previously configured servers.
To do this, first press Windows + R, type services.msc to open the window of the services installed on the machine, search for Windows Remote Management (WS-Management), double-click it, choose Automatic (Delayed Start) as the Startup type and finally click the Start button.
By opening a PowerShell window with administrator rights (as seen above), you will then have to type the following two commands:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "COMPUTER1,COMPUTER2,COMPUTER3" -Force
Enter-PSSession -ComputerName COMPUTER1 -Credential USERNAME
Instead of COMPUTER1, COMPUTER2, COMPUTER3 you must indicate, separated by commas, the names or the private IP addresses of the PCs to be administered.
In the second command, instead of COMPUTER1 you must specify the system to which you want to connect, while USERNAME must be replaced with an administrator account that exists on the server machine and for which you know the corresponding password.
After typing the password when requested and waiting a few moments, you will be presented with the prompt of the remote computer. At this point, all the commands you give will be carried out on the remote machine connected to the local network: pay close attention.
With the cd and dir commands, for example, you can switch from one folder to another and check its contents.
Typing Get-HotFix will obtain the complete list of Microsoft updates present on the remote system; with Get-Service, the list of services and their status; with Start-Job you can start a background task (for example a PowerShell script); with Restart-Computer -Force you can force the restart of the machine (with Stop-Computer -Force, the shutdown).
Typing exit leaves the administration session on the remote system.
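The checks described above can also be collected from several servers in one pass with Invoke-Command instead of an interactive session. The script below is an added example, not part of the original article; it goes beyond the single-session case, uses the article's placeholder names COMPUTER1 to COMPUTER3, and assumes PowerShell 3.0 or later and that the same administrator account exists on every server.

```powershell
# Added example: update and service inventory across the administered PCs.
# COMPUTER1..3 are the article's placeholders; replace them with real names
# or private IP addresses already listed in TrustedHosts on this client.
$computers = 'COMPUTER1', 'COMPUTER2', 'COMPUTER3'

# Assumption: one administrator account is valid on all the servers.
$cred = Get-Credential -Message 'Administrator account valid on the servers'

# The script block runs on each remote machine; unreachable hosts are
# collected in $failed instead of stopping the whole run.
$report = Invoke-Command -ComputerName $computers -Credential $cred `
    -ErrorAction SilentlyContinue -ErrorVariable failed -ScriptBlock {

    $fixes   = @(Get-HotFix)
    $lastFix = $fixes | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    # Services set to start automatically that are not running right now.
    $stopped = Get-CimInstance -ClassName Win32_Service `
        -Filter "StartMode='Auto' AND State<>'Running'"

    [pscustomobject]@{
        HotFixCount         = $fixes.Count
        LastHotFix          = $lastFix.HotFixID
        InstalledOn         = $lastFix.InstalledOn
        StoppedAutoServices = ($stopped.Name -join ', ')
    }
}

# PSComputerName is added automatically to every object returned remotely.
$report | Sort-Object PSComputerName |
    Format-Table PSComputerName, HotFixCount, LastHotFix, InstalledOn, StoppedAutoServices -AutoSize

# Machines that did not answer or refused the credentials.
$failed | ForEach-Object { 'No result from: {0}' -f $_.TargetObject }
```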
Disable the Windows Remote Management Service on the client machine
If you later want to disable the remote management service, just open a PowerShell prompt with administrative rights and use the following commands:
Clear-Item -Path WSMan:\localhost\Client\TrustedHosts -Force
Stop-Service WinRM -PassThru
Set-Service WinRM -StartupType Disabled -PassThru
The first command is optional and is used to delete all the hosts to which the connection has previously been authorized. You can avoid issuing this command (limiting yourself to the next two) in case you want to restart the Windows remote management service later to return to administering the server systems via PowerShell.
Completely uninstall the Windows Remote Management Service on the servers
Completely uninstalling the remote management service on server systems is slightly more tedious.
However, we have gathered the commands to be issued from a PowerShell window opened with administrator rights:
Disable-PSRemoting -Force
Remove-Item -Path WSMan:\localhost\listener\listener* -Recurse
Stop-Service WinRM -PassThru
Set-Service WinRM -StartupType Disabled -PassThru
Set-NetFirewallRule -DisplayName 'Windows Remote Management (HTTP-In)' -Enabled False -PassThru | Select -Property DisplayName, Profile, Enabled
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system -Name LocalAccountTokenFilterPolicy -Value 0
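To confirm what the commands in this article have left enabled on a machine, the following read-only audit reports each setting they touch. It is an added example, not part of the original article; the function name Get-WinRMPosture is hypothetical, and it assumes an elevated prompt on Windows 8.1, Windows 10 or Windows Server 2012 and later (Get-NetFirewallRule is not available on Windows 7).

```powershell
# Added example: read-only audit of the WinRM settings changed in this article.
# Get-WinRMPosture is a hypothetical helper name, not a built-in cmdlet.
function Get-WinRMPosture {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinRM'"

    # The WSMan: drive can only be read while the WinRM service is running,
    # so a stopped service is reported instead of raising an error.
    $listeners = 'n/a (WinRM service not running)'
    $trusted   = 'n/a (WinRM service not running)'
    if ($svc.State -eq 'Running') {
        $listeners = @(Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue |
            ForEach-Object { $_.Keys -join ';' }) -join ' | '
        $trusted = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts -ErrorAction SilentlyContinue).Value
    }

    # Network profiles on which the HTTP-In rules still accept connections.
    $fwProfiles = @(Get-NetFirewallRule -DisplayName 'Windows Remote Management (HTTP-In)' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' } |
        ForEach-Object { [string]$_.Profile }) -join ' | '

    # 1 = local administrator accounts receive an unfiltered token over the
    # network; 0 or absent = the default remote UAC filtering applies.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $latfp = (Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy

    [pscustomobject]@{
        ServiceState                  = $svc.State
        ServiceStartMode              = $svc.StartMode
        Listeners                     = $listeners
        TrustedHosts                  = $trusted
        # Any asterisk means this client will send credentials to hosts
        # matching a pattern rather than to an explicit list.
        TrustedHostsHasWildcard       = ($trusted -like '*[*]*')
        EnabledHttpInFirewallProfiles = $fwProfiles
        LocalAccountTokenFilterPolicy = $latfp
    }
}

Get-WinRMPosture | Format-List
```

After the uninstall commands above, the expected result is a stopped service with start mode Disabled, no enabled HTTP-In firewall profiles and LocalAccountTokenFilterPolicy set to 0.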