February 1, 2017 at 4:22 pm #63238
I need to create a remote PowerShell session to a Domain Controller.
I need to specify the IP address of the DC while opening the connection, so my command looks like:
New-PSSession -ComputerName 192.168.1.1 -Credential (Get-Credential)
I know the domain name (let's say, mydomain.local), the DC name (let's say, mydc.mydomain.local), the Administrator's user name and the password. What is the right syntax to specify them while opening the remote session?
February 1, 2017 at 4:32 pm #63240
$username = "Username"
$Password = ConvertTo-SecureString -String "password" -AsPlainText -force
$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $username, $password
New-PSSession -ComputerName 192.168.1.1 -Credential $credentials
I believe that is what you are looking for. Not great as it's username/password in plain text.
February 1, 2017 at 5:03 pm #63241
I agree with Alex. Don't store the domain admin password – never ever.
This would prompt you to type in the password but would auto-fill the username.
New-PSSession -ComputerName 192.168.1.1 -Credential (Get-Credential domain\admin)
February 2, 2017 at 10:10 am #63294
Thank you for the hints.
I performed the suggested steps in a small lab environment (so, no problem with the Domain Administrator's password) but I get the following error:
PS C:\Users\user> $username = "Administrator"
PS C:\Users\user> $Password = ConvertTo-SecureString -String "XXXXXXXX" -AsPlainText -force
PS C:\Users\user> $credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $username, $password
PS C:\Users\user> New-PSSession -ComputerName 192.168.1.1 -Credential $credentials
New-PSSession : [192.168.1.1] Connecting to remote server 192.168.1.1 failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ComputerName 192.168.1.1 -Credential $credentials
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : ServerNotTrusted,PSSessionOpenFailed
PS C:\Users\user>
Please consider that neither the client PC nor the client user is a member of the AD domain.
By the way, I got the same error after entering the same command with a wrong IP address.
I don't think, however, it's a network issue because I can ping the IP address of the DC and (in the lab environment) the firewall on the DC is disabled.
While moving to the production environment I'll need to face a more complex networking configuration, but at the moment I'd like to start from a simpler lab environment.
How can I troubleshoot the problem?
February 2, 2017 at 10:42 am #63295
Can you run the command:
New-PSSession -ComputerName 192.168.1.1 -Credential (Get-Credential)
Input the credentials. Do you still get the same issue?
If you do then you might need to run enable-psremoting on the machine you are trying to connect to.
February 2, 2017 at 8:13 am #63292
Another method you could try is:
##This stores the username and password object in a XML file
$path = "C:\SomePlaceOnMyCDrive"
$cred = Get-Credential
$cred | Export-Clixml "$path\Password.xml"
##Import the XML file and use the username and password from it
##Only the user that created the XML file can decrypt it.
$UserDetails = Import-Clixml "$path\Password.xml"
$LoginDeets = New-Object System.Management.Automation.PSCredential -ArgumentList $UserDetails.username,$UserDetails.password
New-PSSession -ComputerName 192.168.1.1 -Credential $LoginDeets
This is another method that does not store the Username and Password in plain text. It does require the same user to log in though.
February 2, 2017 at 1:24 pm #63319
Use the computer name rather than the IP address. Why do you say you need to specify the IP address? New-PsSession expects a name by default. If you want to start using IP addresses, you need to think about trusted hosts and possibly encrypting the connection.
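The error message quoted in the thread names two ways forward for a client that is not domain-joined: a TrustedHosts entry or HTTPS transport. The following is an added example, not part of any post above, showing both from the client side. It assumes an elevated prompt on the client; the HTTPS option additionally assumes the DC already has a WinRM HTTPS listener whose certificate the client trusts and that the DC name resolves from the client.

```powershell
# Added example. Address and names are the thread's lab values.
$dcIp   = '192.168.1.1'
$dcName = 'mydc.mydomain.local'   # assumption: resolvable via DNS or the hosts file
$cred   = Get-Credential 'mydomain\Administrator'   # prompts; nothing is written to disk

function Add-TrustedHost {
    param([Parameter(Mandatory)][string]$HostEntry)

    # The WSMan: drive is only available while the local WinRM service runs.
    if ((Get-Service WinRM).Status -ne 'Running') { Start-Service WinRM }

    $current = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    if ($current -eq '*') {
        Write-Warning 'TrustedHosts is "*": every host is already trusted. Consider narrowing it.'
        return
    }
    if (($current -split '\s*,\s*') -notcontains $HostEntry) {
        # -Concatenate appends to the list instead of overwriting it.
        Set-Item WSMan:\localhost\Client\TrustedHosts -Value $HostEntry -Concatenate -Force
    }
}

# Check that a WinRM listener answers at the address at all.
# Ping succeeding does not prove this; Enable-PSRemoting on the DC creates the listener.
Test-WSMan -ComputerName $dcIp

# Option 1 (lab): trust exactly one address rather than '*'.
# As the error text says, hosts in TrustedHosts might not be authenticated,
# so the client has no proof it is talking to the real DC.
Add-TrustedHost -HostEntry $dcIp
$labSession = New-PSSession -ComputerName $dcIp -Credential $cred

# Option 2: HTTPS transport (port 5986). The server is authenticated by its
# certificate, so connect by the name the certificate was issued to, not the IP.
$tlsSession = New-PSSession -ComputerName $dcName -Credential $cred -UseSSL

# Review what the client currently trusts, and close sessions when done.
(Get-Item WSMan:\localhost\Client\TrustedHosts).Value
Get-PSSession | Remove-PSSession
```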