PowerShell, WMI & Heterogeneous domains

This topic contains 5 replies, has 3 voices, and was last updated by William Davis 3 months, 3 weeks ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • #41731
    William Davis
    Participant

    I am still relatively new to PowerShell so I have to ask this broad question, of which I should know the answer but I do not, so sorry. My situation is this: I work in an environment where PS Remoting cannot and will not be allowed, so I am forced to get whatever systems info I can by resorting to WMI. I support two types of network topological designs. The first is a true domain, all the machines using the same FQDN. The second are also domains (campuses) that all have different FQDNs. I have to touch these machines (all) from a single workstation that resides on the first domain I described. Using WMI on the first domain has no issues, but I have to ask if PowerShell can be configured to pull information from the other heterogeneous domains? I will have little if any support from the different network domain admins; I guess between "Group Policy" and their own local restraints that they just refuse to help us out. Cannot say as I blame them, the DoD offers its own set of IT challenges, salute!

    I admit after a couple of years working with PowerShell and reading everything I can find (Especially from Mr. Jones and Mr. Hicks) that I should be able to answer my own question, but I am stuck, and I hope that you will forgive my lack of knowledge.

    #41735
    Jack Neff
    Participant

    Ahh....the DoD I remember it fondly and all the goofy workarounds we had to come up with to do our jobs b/c of IA. Anyway, have you tried adding the -Credential param in Get-WMIObject?

    #41749
    William Davis
    Participant

    Thank you for such a timely response. The DoD side is not the issue; I can query those machines fine. It is the ones scattered across 5 states and 38 different .edu domains that I am trying to pull info from. Do you know if PowerShell is capable?

    #41751
    Jack Neff
    Participant

    5 states and 38 domains? I find it hard to believe you wouldn't be traversing a firewall or two. WMI doesn't play nice with firewalls b/c it uses DCOM and a random port. WMI traffic is also not encrypted so there's that. So unless you're using some sort of encrypted tunneling protocol like VPN, RDP, or SSH (or PSRemoting) to touch these networks, you aren't going to get very far with PowerShell.

    #41756
    Arie H
    Participant

    Is your domain above (as in domain topology) the campuses' domains? Are you all in the same forest?
    If the answer to either is no, do you know if there are any trust relations between the two domains/forests?
    (Don't need to specify the level of trust.)

    Usually when dealing with cross domains / forests, there needs to be some sort of Trust relations between
    them to allow users from one domain to access resources on the other domain. You'll need to talk to those
    sys admins to create an execution account on their domain
    which you will have to use as the credentials for your WMI, if there's at least a one-way Trust relation
    between your domain and theirs.

    Other option is that you write a PowerShell script and give it to those sys admins to run as a scheduled task,
    that collects the data periodically, exports it to a text file of some sort and relays that file through
    other means to a centralized location where you go over them and extract the data you need.

    I'm saving you from my 2 page long rant about "where PS Remoting cannot and will not be allowed" 🙂
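
An added example, not part of any post in this thread: a Windows PowerShell inventory loop that calls `Get-WmiObject` with a separate `-Credential` per domain, as the replies above suggest, and records per-host failures instead of stopping. It assumes each remote domain's admins have issued an account with remote WMI rights; the host names, domain labels and output path are constructed placeholders.

```powershell
# Constructed sample targets; replace with the real host list.
$targets = @(
    [pscustomobject]@{ ComputerName = 'pc01.campus-a.example';  Domain = 'CAMPUS-A' }
    [pscustomobject]@{ ComputerName = 'pc02.campus-a.example';  Domain = 'CAMPUS-A' }
    [pscustomobject]@{ ComputerName = 'lab07.campus-b.example'; Domain = 'CAMPUS-B' }
)

# Prompt once per domain rather than storing passwords in the script.
$creds = @{}
foreach ($domain in ($targets.Domain | Sort-Object -Unique)) {
    $creds[$domain] = Get-Credential -Message "Account issued by $domain admins"
}

$results = foreach ($t in $targets) {
    $wmiArgs = @{
        ComputerName   = $t.ComputerName
        Credential     = $creds[$t.Domain]
        Authentication = 'PacketPrivacy'  # DCOM level that signs and encrypts each call
        ErrorAction    = 'Stop'           # turn WMI errors into catchable exceptions
    }
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem @wmiArgs
        $cs = Get-WmiObject -Class Win32_ComputerSystem  @wmiArgs
        [pscustomobject]@{
            ComputerName = $t.ComputerName
            Domain       = $t.Domain
            OS           = $os.Caption
            Version      = $os.Version
            LastBoot     = $os.ConvertToDateTime($os.LastBootUpTime)
            Model        = $cs.Model
            MemoryGB     = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
            Status       = 'OK'
        }
    }
    catch {
        # Keep the error text: "RPC server is unavailable" points at a firewall or
        # blocked DCOM, "Access is denied" at the account or its WMI/DCOM rights.
        [pscustomobject]@{
            ComputerName = $t.ComputerName; Domain = $t.Domain
            OS = $null; Version = $null; LastBoot = $null
            Model = $null; MemoryGB = $null
            Status = $_.Exception.Message
        }
    }
}

$results | Export-Csv -Path .\wmi-inventory.csv -NoTypeInformation
```

The same loop body, pointed at the local machine without `-ComputerName` and `-Credential`, is what a scheduled-task collector run by the remote admins would execute before relaying the CSV.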

    #41784
    William Davis
    Participant

    I appreciate all the replies, and reading through everyone's comments I get a sense that I better find another solution. I reside on the DoD side, and consulting with the sysadmins of the "commercial" .edu domains is not an option. I do thank everyone for their time, I will push PowerShell to the best of my abilities on the domains that I can work with. I will use PS inside a one to one remote support session, maybe I can get PSRemoting enabled without anyone's knowledge and just hope the GP does not shut it down, salute to all!
