January 24, 2018 at 7:20 pm

Speaking of the first Iron Scripter puzzle, how do you get get-ciminstance to work on remote computers with the -computername option? I have the winrm service running and the firewall open, and trustedhosts set on the source, but it says "access denied".
How does it know what username and password to use? The same as the source computer? That is a local administrators account (same name on both), so I would think it would work. Are there some other rights I have to enable? I'm not in a domain.

January 24, 2018 at 7:21 pm

If WinRM is enabled and the remote has PowerShell 3 or later, and if you're connecting as an account the remote machine recognizes as an admin, then it should just work. It uses whatever account you've logged into Windows with. Logging in as a local admin on YOUR machine will not translate to local admin on the OTHER machine, though. Local accounts don't cross to other machines. That's why they're "local."

January 24, 2018 at 7:24 pm

If you're not in a domain, then basically the usual Remoting rules apply (even though CIM is not Remoting, they're both using WS-MAN). You could read "Secrets of PowerShell Remoting." But essentially since the default Kerberos authentication isn't going to work, you'll have to (a) use Basic, (b) specify credentials explicitly when running the command, and (c) make sure the remote machine can listen for HTTPS – meaning it needs a certificate, and (d) specify the connection be made over SSL.

Yes, it's a PITA. That's why domains are a thing :). But simply having the accounts named the same on both machines won't work; outside of a domain, Kerberos isn't a thing.

January 24, 2018 at 7:28 pm

The thing is, I can get psremoting to work. It will even automatically try the same username and password. But get-ciminstance -computername still says access denied.

January 24, 2018 at 7:30 pm

CIM and Remoting are a bit different, even though they use the same underlying WS-MAN protocol. They both authenticate in their own way.

But if Remoting works, you may be good. Run Invoke-Command and just send your Get-CimInstance or whatever across that to run locally on the other box.
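
The two approaches described in this thread, combined in one function. This is an added example, not code from any of the posters: it opens a CIM session with Basic authentication, explicit credentials and SSL, and falls back to running Get-CimInstance through Invoke-Command if that fails. `SERVER01`, the `Administrator` account name and the function name `Get-RemoteOsInfo` are placeholders chosen for illustration.

```powershell
# Added example. SERVER01 and the account name are placeholders.
function Get-RemoteOsInfo {
    param(
        [Parameter(Mandatory)] [string]       $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # Connect over HTTPS. The remote machine needs an HTTPS WinRM listener
    # with a certificate the client trusts and whose name matches
    # $ComputerName. The certificate checks are left enabled because Basic
    # sends the password itself, protected only by the TLS channel.
    $option = New-CimSessionOption -UseSsl

    try {
        # Basic authentication with credentials given explicitly.
        # Basic must also be allowed in the WinRM client and service
        # settings (WSMan:\localhost\Client\Auth and ...\Service\Auth).
        $session = New-CimSession -ComputerName $ComputerName `
                                  -Credential $Credential `
                                  -Authentication Basic `
                                  -SessionOption $option `
                                  -ErrorAction Stop
        try {
            Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem
        }
        finally {
            Remove-CimSession -CimSession $session
        }
    }
    catch {
        Write-Warning "CIM session to $ComputerName failed: $($_.Exception.Message)"

        # Fallback: if PowerShell Remoting already works, run the CIM query
        # locally on the remote machine and return the result.
        Invoke-Command -ComputerName $ComputerName -Credential $Credential -ScriptBlock {
            Get-CimInstance -ClassName Win32_OperatingSystem
        }
    }
}

# The account must be one the REMOTE machine recognizes as an administrator.
$cred = Get-Credential -UserName 'SERVER01\Administrator' -Message 'Account local to SERVER01'
Get-RemoteOsInfo -ComputerName 'SERVER01' -Credential $cred |
    Select-Object CSName, Caption, Version, LastBootUpTime
```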