 

What does it mean that PowerShell 2.0 will be "firewall friendly"?

I'm interested in executing PowerShell scripts on a computer behind a firewall. What ports will I need to have open? Will any special configuration be needed, or will I just be able to connect to a fresh install of Windows Server 2008 R2 and start executing my scripts?

sumek asked Feb 10 '09 14:02


People also ask

What firewall ports should be enabled to allow PowerShell remoting?

By default, WS-Man and PowerShell remoting use port 5985 and 5986 for connections over HTTP and HTTPS, respectively.

What ports are used by PowerShell?

The port number. By default a PowerShell agent uses port 5985 for a regular connection and 5986 for a secure connection.


2 Answers

MichaelGG got it right - all you need to do is use the native remoting available in PowerShell V2. It gives you a crazy degree of control over networking all using the WS-MAN protocol (that is a standard management protocol which is implemented by our WINRM service).

The way the V2 remoting works is that you can invoke a command (single command, pipeline, set of commands, or entire script) on a remote machine(s) and specify how you want that command to run.

e.g. Invoke-Command {get-process} -Computername (cat servers.txt)

Invoke-Command
    (1)-ScriptBlock | -Command <ScriptBlock>
    (0)[-ComputerName | -Cn <String[]>]
       [-ApplicationName <String>]
       [-ArgumentList | -Args <Object[]>]
       [-AsJob ]
       [-Authentication <Basic | Credssp | Default | Digest | Kerberos | Negotiate | NegotiateWithImplicitCredential>]
       [-CertificateThumbprint <String>]
       [-ConfigurationName <String>]
       [-Credential <PSCredential>]
       [-HideComputerName | -HCN ]
       [-InputObject <PSObject> (ByValue)]
       [-JobName <String>]
       [-Port <1->]
       [-SessionOption <System.Management.Automation.Remoting.PSSessionOption>]
       [-ThrottleLimit <Int>]
       [-UseSSL ]

You can also provide SessionOptions

New-WSManSessionOption
       [-NoEncryption ]
       [-OperationTimeout <0->]
       [-ProxyAccessType <ProxyAutoDetect | ProxyIEConfig | ProxyNoProxyServer | ProxyWinHttpConfig>]
       [-ProxyAuthentication <Basic | Digest | Negotiate>]
       [-ProxyCredential <PSCredential>]
       [-SkipCACheck ]
       [-SkipCNCheck ]
       [-SkipRevocationCheck ]
       [-SPNPort <0->]
       [-UseUTF16 ]




As you can see, you can specify how to traverse proxies, you can provide one set of credentials to the proxy and a different set of credentials to the endpoint. All that said, the simple case is that you don't specify anything and we'll use port 80.

Experiment! Enjoy! Engage!

Jeffrey Snover [MSFT]
Windows Management Partner Architect

Jeffrey Snover - MSFT answered Sep 27 '22 21:09


PowerShell 2 will do remoting over WinRM (WinRM is already available, since Windows 2003 R2, IIRC). WinRM is just SOAP over HTTP[S]. So the port is 80 by default, 443 for SSL by default.

Here's a quick overview on PS2 remoting, and one on WinRM for 2003.

MichaelGG answered Sep 27 '22 22:09
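
Added example, not from either answer: a way to check which WS-Man port a server actually answers on before deciding what to open on the firewall, and then to run the command over HTTPS with certificate validation left on. It probes the 5985/5986 defaults quoted on this page as well as the 80/443 named in the answers; the host name `srv01.example.test` and the function name `Find-WinRMListener` are placeholders chosen for this example.

```powershell
# Added example. Find-WinRMListener and srv01.example.test are placeholders.
function Find-WinRMListener {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName
    )
    # Candidate ports: the 5985/5986 defaults quoted on this page,
    # plus the 80/443 mentioned in the answers.
    $candidates = @(
        @{ Port = 5985; UseSSL = $false },
        @{ Port = 5986; UseSSL = $true  },
        @{ Port = 80;   UseSSL = $false },
        @{ Port = 443;  UseSSL = $true  }
    )
    foreach ($c in $candidates) {
        $probe = @{
            ComputerName = $ComputerName
            Port         = $c.Port
            UseSSL       = $c.UseSSL
            ErrorAction  = 'Stop'
        }
        try {
            # Without -Authentication, Test-WSMan sends an unauthenticated
            # WS-Man Identify request; a reply means a listener is reachable.
            $id = Test-WSMan @probe
            New-Object PSObject -Property @{
                ComputerName   = $ComputerName
                Port           = $c.Port
                UseSSL         = $c.UseSSL
                ProductVersion = $id.ProductVersion
            }
        } catch {
            # Blocked port, no listener, or (for HTTPS) a certificate that
            # does not validate all end up here and are reported as no reply.
            Write-Verbose ("No WS-Man reply on port {0}: {1}" -f $c.Port, $_.Exception.Message)
        }
    }
}

$target    = 'srv01.example.test'
$listeners = @(Find-WinRMListener -ComputerName $target)
$https     = $listeners | Where-Object { $_.UseSSL } | Select-Object -First 1

if ($https) {
    # No -SkipCACheck / -SkipCNCheck / -NoEncryption session options are passed,
    # so the server certificate chain and name are checked and traffic is encrypted.
    Invoke-Command -ComputerName $target -Port $https.Port -UseSSL `
        -Credential (Get-Credential) -ScriptBlock { Get-Process }
} else {
    Write-Warning "No HTTPS WS-Man listener answered on $target; HTTP replies: $($listeners.Count)"
}
```

Run with `-Verbose` on the function call to see why a given port was rejected.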