TechShizz | All posts tagged 'Remote Management'

PowerShell Remote Administration - Implicit Remoting

To administer Office 365 you will need the following:

 

Azure AD PowerShell

 

Prerequisites

 

  • Windows 7+ / Server 2008R2 +
  • .NET 3.51 Framework
  • All cloud services subscription updates
  • Online Services Sign-in Assistant - OS Specific - From MS Download Centre.
  • Azure Administrative Console - From MS Download Centre.

See this link : http://technet.microsoft.com/library/jj151815.aspx

Download from HERE

Connect to Office 365 to administer Users, Licenses etc. (Not Exchange)

 

$msolcred = get-credential
connect-msolservice -credential $msolcred

 

(Log in with your  user@domain.onmicrosoft.com account)

 

To Administer Exchange in Office 365

 

 

Launch Azure Module for PowerShell or import the module - Import-Module MSOnline

 

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

 

Import-PSSession $Session

 

To administer another exchange server via PowerShell remotely

 

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.mydomain.com/powershell -Credential $UserCredential -Authentication Basic -AllowRedirection

 

Import-PSSession $Session

 

You may need to change the -Authentication switch to "Kerberos" depending on security settings.

 

To administer share point online

 

You need to download and install the SharePoint PowerShell module before this will work:

https://www.microsoft.com/en-gb/download/details.aspx?id=35588

 

$UserCredential = Get-Credential

Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

$SP = Read-Host -Prompt 'Enter SharePoint Domain'

Connect-SPOService -Url https://$SP-admin.sharepoint.com -credential $UserCredential

 

To administer Skype for Business Online (Lync)

 

You need to download and install the Skype for Business PowerShell module before this will work:

https://www.microsoft.com/en-gb/download/details.aspx?id=39366

 

$UserCredential = Get-Credential

Import-Module SkypeOnlineConnector

$sfboSession = New-CsOnlineSession -Credential $UserCredential

Import-PSSession $sfboSession

 

One big script

 

if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoExit -NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; Exit }

Import-Module MSOnline

$UserCredential = Get-Credential

Connect-MsolService -Credential $UserCredential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

$SP = Read-Host -Prompt 'Enter SharePoint Domain'

Connect-SPOService -Url https://$SP-admin.sharepoint.com -credential $UserCredential

Import-Module SkypeOnlineConnector

$sfboSession = New-CsOnlineSession -Credential $UserCredential

Import-PSSession $sfboSession

DCOM & WinRM


DCOM and WinRM  are protocols used to administer WMI. In order for some windows components to be managed remotely, there are some pre-defined firewall rules that need to be enabled. 

 

COM+ Network Access

Remote Event Log Management

 

Remote Volume Management - (only enable if this functionality is required) Enables remote management of the computers disks.

Windows Firewall Remote Management - (only enable if this functionality is required) Enables remote management of the computers firewall.

DSC - Desired State Configuration

Installing and Removing Features with Powershell

================================================ 

To see a list of installed Roles/Features:

Get-WindowsFeature | Where-Object -FilterScript { $_.Installed -Eq $True }

Or for Remote machine

Get-WindowsFeature -computer VM1 | Where-Object -FilterScript { $_.Installed -Eq $True }

================================================


 

configuration FailOverCluster

{

    # One can evaluate expressions to get the node list

    # E.g: $AllNodes.Where("Role -eq Web").NodeName

    node ("Node1","Node2")

    {

        # Call Resource Provider

        # E.g: WindowsFeature

        WindowsFeature Failover-Clustering

        {

           Ensure = "Present"

           Name = "Failover-Clustering"

        } 

    }

}

FailOverCluster

 

 

==============================================

 

 

Start-DscConfiguration -ComputerName Node1,Node2 -Path FailOverCluster -Wait -Verbose

 

=================================================

Here is another exaplme but this time to configure a webserver to allow remote administration:

# create a DSC configuration to install IIS and support remote management
Configuration IISConfig {

    # define input parameter
    param(
        [string[]]$ComputerName = 'localhost'
    )

    # target machine(s) based on input param
    node $ComputerName {
        #Configure the LCM
        LocalConfigurationManager {
                ConfigurationMode = "ApplyAndAutoCorrect"
                ConfigurationModeFrequencyMins = 15
                RefreshMode = "Push"
}

        # install the IIS server role
        WindowsFeature IIS {
            Ensure = "Present"
            Name = "Web-Server"
        }

        # install the IIS remote management service
        WindowsFeature IISManagement {
            Name = 'Web-Mgmt-Service'
            Ensure = 'Present'
            DependsOn = @('[WindowsFeature]IIS')
        }

        # enable IIS remote management
        Registry RemoteManagement {
            Key = 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server'
            ValueName = 'EnableRemoteManagement'
            ValueType = 'Dword'
            ValueData = '1'
            DependsOn = @('[WindowsFeature]IIS','[WindowsFeature]IISManagement')
        }

        # configure remote management service
        Service WMSVC {
            Name = 'WMSVC'
            StartupType = 'Automatic'
            State = 'Running'
            DependsOn = '[Registry]RemoteManagement'
        }

    }

}

# create the configuration (.mof)
IISConfig -ComputerName WEB-NUG -OutputPath c:\nuggetlab

# push the configuration to WEB-NUG
Start-DscConfiguration -Path c:\nuggetlab -Wait -Verbose


# enter powershell remote session
Enter-PSSession -ComputerName WEB-NUG

# view installed features
Get-WindowsFeature | Where-Object Installed -eq True

# view LCM properties
Get-DscLocalConfigurationManager

# view configuration state
Get-DscConfigurationStatus

# test configuration drift
Test-DscConfiguration

# exit powershell remote session
Exit-PSSession

 

Windows PowerShell Web Access

To remote connect to a server via PS to begin with connect like this:

 

Enter-PSSession -computername VM2

 

To install this feature:

 

On the PSWA host to-be, run:

 

Install-WindowsFeature -Name WindowsPowershellWebAccess

 

If credentials are required, add:    -credential $cred

A password prompt will appear.

 

 

Once installed, a certificate needs to be added. In a test environment a self signed certificate can be created by running the following:

 

Install-PSwaWebApplication -UseTestCertificate

 

Next, an allowed list of computers need to be configured.

[This was awkward]

 

Add-PswaAuthorizationRule -UserName lab\Administrator -ComputerName HV1.lab.local -ConfigurationName Microsoft.PowerShell

 

The -UserName switch has to be in domain\username format and didn’t work with UPN.

 

Finally, go to https://VM2/pswa

 

Remember: The server that the role is installed on is the PSWA Gateway. The allowed list of computers is what can actually be accessed so it needs to be listed in the last step to access that server.