PS Remoting not available - best Options or suggestions on effectively work

Welcome Forums General PowerShell Q&A PS Remoting not available - best Options or suggestions on effectively work

Viewing 4 reply threads
  • Author
    Posts
    • #185942
      Participant
      Topics: 18
      Replies: 28
      Points: 38
      Rank: Member

      General question – looking for some general guidance to become more effective with this limitation – perhaps by people in a similar situation

      PS Remoting is not available – looking for best Options or suggestions on effectively working around this where possible.

      One common pain point is gathering remote event logs for troubleshooting – running these queries remotely massively blows out the time the filtering takes to complete and return the results.  If a remote computer is busy (No RDP Option) and you need the logs and have to resort to remote querying – is there anything you can suggest to help.  I tried to use PSEXEC to launch and run the query from a saved script copied onto the remote machine to get powershell to run locally and then copy the .csv results back afterwards – appreciate any better suggestions – thanks

    • #186080
      Senior Moderator
      Topics: 8
      Replies: 1141
      Points: 3,927
      Helping Hand
      Rank: Community Hero
    • #186341
      Participant
      Topics: 18
      Replies: 28
      Points: 38
      Rank: Member

      I'm possibly not being clear – to gather and filter all the event logs on a remote machine – it is advisable to run the powershell command locally or via a PSSession to have all the filtering done locally?  If I don't have WSMAN access to use powershell remoting, and can't log into the remote machine via RDP, running get-winevent -computername xxxxx from my 'management' workstation is still going to take a much longer time than if I could run this from the machine where the logs reside?

      Just trying to get some ideas around what, if any possible solutions there may be to assist here

       

    • #186359
      Senior Moderator
      Topics: 8
      Replies: 1141
      Points: 3,927
      Helping Hand
      Rank: Community Hero

      Try Get-WinEvent, it has builtin Filter capability which will run on target system and doesn't uses WSMAN and uses EventLog service on the target system.

      https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.diagnostics/get-winevent?view=powershell-5.1

    • #188401
      Participant
      Topics: 0
      Replies: 5
      Points: 7
      Rank: Member

      I have found Get-WinEvent to perform almost as well on a remote system as local. You definitely want to use a FilterHashTable. It provided me with a very significant performance gain. I should note that in my audit script, I am not gathering ALL event logs as you suggest, only Application, System and Security logs.

Viewing 4 reply threads
  • You must be logged in to reply to this topic.