I'm interested in executing powershell scripts on a computer behind a firewall. What ports will I need to have open? Will any special configuration be needed or I'll be just be able to connect to a fresh install of Windows Server 2008 r2 and start executing my scripts?
By default, WS-Man and PowerShell remoting use port 5985 and 5986 for connections over HTTP and HTTPS, respectively.
The port number. By default a PowerShell agent uses port 5985 for a regular connection and 5986 for a secure connection.
MichaelGG got it right - all you need to do is use the native remoting available in PowerShell V2. It gives you a crazy degree of control over networking all using the WS-MAN protocol (that is a standard management protocol which is implemented by our WINRM service).
The way the V2 remoting works is that you can invoke a command (single command, pipeline, set of commands, or entire script) on a remote machine(s) and specify how you want that command to run.
e.g.
Invoke-Command {get-process} -Computername (cat servers.txt)
Invoke-Command
(1)-ScriptBlock | -Command <ScriptBlock>
(0)[-ComputerName | -Cn <String[]>]
[-ApplicationName <String>]
[-ArgumentList | -Args <Object[]>]
[-AsJob ]
[-Authentication <Basic | Credssp | Default | Digest | Kerberos | Negotiate | NegotiateWithImplicitCredential>]
[-CertificateThumbprint <String>]
[-ConfigurationName <String>]
[-Credential <PSCredential>]
[-HideComputerName | -HCN ]
[-InputObject <PSObject> (ByValue)]
[-JobName <String>]
[-Port <1->]
[-SessionOption <System.Management.Automation.Remoting.PSSessionOption>]
[-ThrottleLimit <Int>]
[-UseSSL ]
You can also provide SessionOptions
New-WSManSessionOption
[-NoEncryption ]
[-OperationTimeout <0->]
[-ProxyAccessType <ProxyAutoDetect | ProxyIEConfig | ProxyNoProxyServer | ProxyWinHttpConfig>]
[-ProxyAuthentication <Basic | Digest | Negotiate>]
[-ProxyCredential <PSCredential>]
[-SkipCACheck ]
[-SkipCNCheck ]
[-SkipRevocationCheck ]
[-SPNPort <0->]
[-UseUTF16 ]
New-WSManSessionOption
[-NoEncryption ]
[-OperationTimeout <0->]
[-ProxyAccessType <ProxyAutoDetect | ProxyIEConfig | ProxyNoProxyServer | ProxyWinHttpConfig>]
[-ProxyAuthentication <Basic | Digest | Negotiate>]
[-ProxyCredential <PSCredential>]
[-SkipCACheck ]
[-SkipCNCheck ]
[-SkipRevocationCheck ]
[-SPNPort <0->]
[-UseUTF16 ]
As you can see, you can specify how to traverse proxies, you can provide one set of credentials to the proxy and a different set of credentials to the endpoint. All that said, the simple case is that you don't specify anything and we'll use port 80.
Experiment! Enjoy! Engage!
Jeffrey Snover [MSFT]
Windows Management Partner Architect
PowerShell 2 will do remoting over WinRM (WinRM is already available, since Windows 2003 R2, IIRC). WinRM is just SOAP over HTTP[S]. So the port is 80 by default, 443 for SSL by default.
Here's a quick overview on PS2 remoting, and one on WinRM for 2003.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With