get-ciminstance on remote computers

Welcome Forums General PowerShell Q&A get-ciminstance on remote computers

This topic contains 4 replies, has 2 voices, and was last updated by

 
Keymaster
9 months, 3 weeks ago.

  • Author
    Posts
  • #92129
    js

    Participant
    Points: 202
    Helping Hand
    Rank: Participant

    Speaking of the first Iron Scripter puzzle, how do you get get-ciminstance to work on remote computers with the -computername option? I have the winrm service running and the firewall open, and trustedhosts set on the source, but it says "access denied".
    How does it know what username and password to use? The same as the source computer? That is a local administrators account (same name on both), so I would think it would work. Is there some other rights I have to enable? I'm not in a domain.

  • #92131

    Keymaster
    Points: 1,619
    Helping HandTeam Member
    Rank: Community Hero

    If WinRM is enabled and the remote has PowerShell 3 or later, and if you're connecting as an account the remote machine recognizes as an admin, then it should just work. It uses whatever account you've logged into Windows with. Logging in as a local admin on YOUR machine, will not translate to local admin on the OTHER machine, though. Local accounts don't cross to other machines. That's why they're
    "local."

  • #92132

    Keymaster
    Points: 1,619
    Helping HandTeam Member
    Rank: Community Hero

    If you're not in a domain, then basically the usual Remoting rules apply (even though CIM is not Remoting, they're both using WS-MAN). You could read "Secrets of PowerShell Remoting." But essentially since the default Kerberos authentication isn't going to work, you'll have to (a) use Basic, (b) specify credentials explicitly when running the command, and (c) make sure the remote machine can listen for HTTPS – meaning it needs a certificate, and (d) specify the connection be made over SSL.

    Yes, it's a PITA. That's why domains are a thing :). But simply having the accounts named the same on both machines won't work; outside of a domain, Kerberos isn't a thing.

    • #92134
      js

      Participant
      Points: 202
      Helping Hand
      Rank: Participant

      The thing is, I can get psremoting to work. It will even automatically try the same username and password. But get-ciminstance -computername still says access denied.

  • #92135

    Keymaster
    Points: 1,619
    Helping HandTeam Member
    Rank: Community Hero

    CIM and Remoting are a bit different, even though they use the same underlying WS-MAN protocol. They both authenticate in their own way.

    But if Remoting works, you may be good. Run Invoke-Command and just send your Get-CimInstance or whatever across that to run locally on the other box.

The topic ‘get-ciminstance on remote computers’ is closed to new replies.