New-PSSession via VPN

This topic contains 3 replies, has 2 voices, and was last updated by Profile photo of Don Jones Don Jones 1 year, 10 months ago.

  • Author
    Posts
  • #25635
    Profile photo of Rick Mobley
    Rick Mobley
    Participant

    I am new to PowerShell.

    I have VPN access to several of my customers and would like to have the ability to access their machines (Servers and desktops) to provide support. Today I needed access to the C: drive on two computers to look for files. I couldn't make the connection with PowerShell but I could make the connection with a standard Windows Browser by entering \\\c$ and providing the authentication. If I could connect with PowerShell, I could invoke-command to copy a file from one PC to another, right?

    What needs to be set up in order to make that happen?

    Even pointing me to documentation that covers this would be fine.

  • #25636
    Profile photo of Don Jones
    Don Jones
    Keymaster

    That'd be "Secrets of PowerShell Remoting."

    The fact that it's a VPN doesn't matter; once the VPN is up, it's just a network connection. So the remote machine needs to (a) have Remoting enabled, and (b) be willing to let you in. The latter is harder if you and the remote machine aren't in the same domain; you're going to have to either add them all as Trusted Hosts, or do the right thing and set up HTTPS on them instead of the default HTTP receiver for Remoting.

    Accessing a file share uses SMB. That's an entirely different protocol using entirely different authentication rules. For example, a file share will fall back to NTLM for non-domain authentication; Remoting won't do that automatically.

    And to answer the next problem...

    [blockquote]If I could connect with PowerShell, I could invoke-command to copy a file from one PC to another, right?[/blockquote]

    Not by default. When you remote to a machine, you only have access to local resources by default. A configuration change is needed on that machine, or in the remote domain, to allow you to hop around from machine to machine.

    What might be easier is to look into PowerShell Web Access. This can run on any one Win2012+ machine in the customer environment, and you'd access it via your web browser. It gives you a web-based PowerShell console that can be used to remote to any other machine in that same environment (provided Remoting is enabled, obviously). But hopping from machine to machine is still an extra configuration – you can imagine the security problems around letting one account hop in and access anything, so MS doesn't enable that by default.

  • #25656
    Profile photo of Rick Mobley
    Rick Mobley
    Participant

    Thanks Don.

    I will do some additional reading when I can work it in... I am trying to locate a "complete" document "secrets of powershell remoting" but running into difficulty. I grabbed the PDF version and it cuts off so I grabbed all the rest and the longest seems to stop after figure 7.6 where it talks about What you can't do with a GPO.

    Can you direct me to a complete copy, or did I already find it?

    Thank you for the quick response. So far I am having fun learning PowerShell and will have even more fun once I start using it for remote troubleshooting and data gathering.

    Rick

  • #25657
    Profile photo of Don Jones
    Don Jones
    Keymaster

    As mentioned in the first page, the PDF export is unreliable. Try another format.

You must be logged in to reply to this topic.