Author Posts

September 3, 2014 at 10:22 am

I am trying to verify across 20 servers the powershell configuration.

So locally UAC prompt powershell as admin the below works.

 get-item wsman:\localhost\shell | get-childitem

Remoting wise I thought this work have worked.

 Start-Process powershell.exe -ArgumentList "icm -computername server1,server2,server3 -scriptblock {get-item wsman:\localhost\shell | get-childitem}" -verb runas

Not sure how to capture the output or at least hold up the pop window that occurs.

September 3, 2014 at 10:24 am

Well... I think the general theory is to try and not run into UAC. I would normally run Invoke-Command from my non-elevated prompt, and provide it with a -Credential parameter, which it would use to make the remote connection. That should remove any UAC pop-up windows, since you're not launching a new instance of PowerShell. That'll also put the output right into your PowerShell console, where you can work with it however you like.

September 3, 2014 at 11:09 am

Thanks Don. That where I am at a loss since

icm -computername server1,server2,server3 -scriptblock {get-item wsman:\localhost\} -Cred usernameinfohere 

works but soon as I add shell to the end of wsman:\localhost\ I run into what looks like a permissions issue since for example (pre)icm -computername server1,server2,server3 -scriptblock {get-eventlog security -Newest 10} works. I'll keep digging and let you know if I find something fruitfull.

September 3, 2014 at 11:17 am

It's square brackets on the code formatting 😉

Couple of things. One, keep in mind that you can map other computers' WS-MAN to your own WSMAN: drive. It uses demoting under the hood, so try doing that with 1-2 computers. If you're not able to navigate the hierarchy that way, then yes, there's a problem of some kind. But that'll help eliminate certain possibilities.

Second, double-check and make sure Remoting is enabled on those computers. I'm guessing it is, since just going to /localhost/ works.

Third, keep in mind all those settings can also be configured in a GPO, which may be more convenient for you.

September 3, 2014 at 12:45 pm

Resorted to using a foreach in combination connect-wsman then reused code.

$file = "wsmansettings.txt"

$servers = "server1","server2","server3","server4","server5"

foreach($server in $servers){
                                Connect-WSMan $server
                                Get-Item wsman:\$server\shell | Get-ChildItem | out-file $file -Append
                                Disconnect-WSMan $server

                            }#foreach

invoke-item $file
$servers = ""

mybad on the pre tags...

September 3, 2014 at 2:29 pm

Thanks for the advice and assistance.