Greetings!
While trying to connect to a workstation on our network I discovered the workstation wasn't on our AD domain but was configured for WORKGROUP. That got me thinking, "Can I access WORKGROUP machines via Powershell?". And, by golly, you can. Here's how:
Prerequisite work (this needs to be done on each PC you want to access):
Make sure the workstations are within the same IP and subnet mask range
Open your firewall settings
On the left panel, select "Allow an app or feature through Firewall"
Click on "Change Settings". This will give you access to the apps and features in the list.
Scroll down and select Windows Management Instrumentation (WMI).
Click on the Private box
Scroll down and select Windows Remote Management
Click on the Private box
Click on OK
Close the Firewall window
Configuring Powershell:
Open Powershell with elevated privileges
At the prompt, type:
new-itemproperty -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -name LocalAccountTokenFilterPolicy -propertytype DWord -value 1
NOTE: the LocalAccountTokenFilterPolicy setting sets how admin credentials are applied to a
remote computer. A value of 1 is what is used to build the evaluated token
At this point you should be able to create a PSSession to your computer by typing:
enter-pssession localhost
You should see a prompt similar to [localhost]: PS C:\Users.
Type exit-pssession to exit out of the session
If all of the above tasks work on both computers, you should be able to create a session from one computer to another. For example, I have two test workstations, 192.168.100.5 and 192.168.100.6. In order for me to create a session from 100.5 to 100.6, I will do the following:
On 100.5
enter-pssession -computername 192.168.100.6
The prompt will look list [192.168.100.6]: PS C:\users
From here I can start and stop services/processes. I can create files and directories. I will be looking for a way to copy files from a session to the host.
Again, to disconnect the session, type exit-possession
I know this seems like a lot of steps just to allow PSRemoting to WORKGROUP computers. But I know there are still some environments where they have non-domain computers. Why should they be deprived of experiencing Powershell's greatness?
Now, my book recommendation.
I don't do book reviews as well as I should. But, Don Jones' new book, "Be The Master", is worth reading. The main theme of the book is that we all have something to share/teach others. Mr. Jones uses the analogy of the master and apprentice. The master would share all of their knowledge with the apprentice, sometimes at the cost to the apprentice. This allows for a craft/talent to move on (and sometimes is improved upon) to future generations. What I got out of this book is that there are people out there who want to know things that I know. That is why I post stuff to this blog. I love Powershell and I want to share some of the things I have found.
It's a quick ready (about 105 pages) and is available via Amazon at $8.
Well that's what I have for this week. I hope you found both items helpful.
Mike
No comments:
Post a Comment