Get-Service, Restart-Service, Start-Service on remote computer (required ports)

This topic contains 3 replies, has 2 voices, and was last updated by Profile photo of David Senior David Senior 7 months ago.

  • Author
  • #37044
    Profile photo of Bojan Zivkovic
    Bojan Zivkovic

    Hi, I have trouble on a few Windows 7 clients – for some reason network profile changes from domain to public, blocking myriad of important ports. Solution for this (temporary) is to restart service NlaSvc and dependent service netprofm. Is there any particular (fixed) ports used on target computers by cmdlets Get-Service, Restart-Service and Start-Service – if so I would open these ports via GPO (potentially I could also disable firewall for public profile but it would be overkill)? I have read many times it is much easier to use PS remoting which uses ports 5985 and 5986 while cmdlets that have -ComputerName as parameter use RPC (DCOM) where port number changes.

  • #37051
    Profile photo of David Senior
    David Senior

    There seems to be a hotfix for your problem

    All PowerShell remoting features will be disabled on the standard public firewall profile.
    Even the cmdlet Enable-PsRemoting will produce an error with the Network profile set to public.

    The best solution to your problem is to solve the cause of the profile change rather than finding a work around.

  • #37065
    Profile photo of Bojan Zivkovic
    Bojan Zivkovic

    I found this long time ago, both x86 and x64 flavors. For some reason there is an error that package is not applicable to Windows 7 computer (x86). For time being only solution, although temporary, is to restart NlaSvc service on problematic computer and dependent service netprofm.

  • #37093
    Profile photo of David Senior
    David Senior

    Could you upgrade the OS to 64bit?

    I had a similar problem in the past I used this method:

    .....we will be adding a DNS suffix so that NLA can properly locate the domain controller which is how it knows to mark the location as “Domain network”.

    Go to Network Connections (from the Network and Sharing Center, click on "Change adapter settings".)

    Go to the properties of one network connection marked as "Unidentified" but on the private LAN.

    Go to the properties for IPv4.

    Click the "Advanced..." button.

    Select the DNS tab.

    Enter your domain name into the text box for "DNS suffix for this connection:".

    Disable and then enable the connection to get NLA to re-identify the location.

    After enabling the connection, the Status should change to the domain name and Network Category to "Domain network". Depending on your setup, it is likely that you only need to "fix" one connection to get all the related connections to see the domain.


    I had a problem where machines ended up out of sync with the domain.
    I enabled file sharing on the public network and used Psexec.exe to run a Powershell script that used the Test-ComputerSecureChannel cmdlet to repair the connection.

    Looking at your other question you could use psexec to restart your services if file sharing was enabled on the public firewall.

    CAUTION: I was dealing with a lab environment with no security requirements due to the nature of its use.

You must be logged in to reply to this topic.