To be specific: I want to run a PowerShell script on a remote Windows server, but I can connect to this server using WMI only.

I used, for example, Get-WmiObject to get some data like the running processes, but after a lot of searching I failed to find a way to run a PowerShell script block on this remote one. One of the commands that I found is Invoke-Command, but this one uses WinRM, which is not opened on that remote server.

So, is it NOT allowed to run a PowerShell script on a remote server using WMI? I didn't find a clear and direct answer for that.

Yasser Mohsen

2 Answers

tl;dr

Consider using psexec as an alternative to PowerShell remoting for executing arbitrary commands.


The list of PowerShell commands that support targeting remote machines without relying on PowerShell remoting is limited (see below); they may all be WMI-based (I'm not sure), and they're focused on retrieving and manipulating remote resources (as WMI is in general) rather than providing the ability to execute arbitrary commands.

Update: Alberto Varga's helpful answer points out that the Win32_Process WMI class's .Create method indeed does allow creation of arbitrary processes; the documentation of PowerShell's Invoke-WmiMethod cmdlet even contains an example.

By contrast, Invoke-Command, which does offer the ability to execute arbitrary commands, does use PowerShell remoting, as you've discovered, which requires the WS-Management protocol, as implemented by Microsoft's WinRM service, among other prerequisites - see Get-Help about_Remote_Requirements.

The most generic of the non-remoting commands listed below is Invoke-WmiMethod, which provides open-ended access to WMI classes and their methods.

Note, however, that Microsoft recommends using the more recent *-Cim* cmdlets such as Invoke-CimMethod in the interest of cross-platform support, and that these CIM-compliant cmdlets again rely on WS-Management (WSMan) standards, as PowerShell remoting does.


List of PowerShell cmdlets that support targeting remote machines via -ComputerName without using PowerShell remoting, as of PSv5.1 (see Get-Help about_Remote_FAQ for background info):

Add-Computer
Clear-EventLog
Get-EventLog
Get-HotFix
Get-Process
Get-Service
Get-WmiObject
Invoke-WmiMethod
Limit-EventLog
New-EventLog
Register-WmiEvent
Remove-Computer
Remove-EventLog
Remove-WmiObject
Rename-Computer
Restart-Computer
Set-Service
Set-WmiInstance
Show-EventLog
Stop-Computer
Test-Connection
Write-EventLog
mklement0
  • Thank you for that. I tried `Invoke-WmiMethod` and I liked it. Based on your answer, I tried many of these commands and I found that nearly all of them are WMI-based. – Yasser Mohsen Nov 19 '17 at 23:23
  • But unfortunately, some of them don't have a way to pass credentials, like `Get-Process`, `Get-Service` and the EventLog-related commands, so, for example, I can use `Get-Process` directly to get the processes of a remote computer only if it uses the same credentials as my local machine, but if it doesn't, I think we need to use `Invoke-Command` to pass the credentials. Can you also help me get the file sizes in a specific folder through WMI? Thank you. – Yasser Mohsen Nov 19 '17 at 23:33
  • It looks like you'll have to use `Invoke-WmiMethod` if you want to pass credentials; I suggest you try that and, should that not work, you ask a _new_ question addressing that specific problem. – mklement0 Nov 19 '17 at 23:42
This can be easily done. What you want is Win32_Process and its method called Create. This allows you to spawn processes on remote machines running 2K3 and higher.

albvar
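Added example (not code from either answer) that puts the two answers and the comment thread together: Win32_Process.Create invoked through Invoke-WmiMethod with explicit credentials, a wait for the spawned process to finish, and a pure-WMI CIM_DataFile query for the folder-size question. The host name 'SERVER01', the folder and the result file path are placeholders.

```powershell
function Invoke-RemoteScriptViaWmi {
    param([string]$ComputerName, [pscredential]$Credential, [scriptblock]$ScriptBlock)
    # Win32_Process.Create returns only a ProcessId, never stdout, so the script
    # block must write its own results somewhere (a file, an event log entry).
    # -EncodedCommand avoids quoting problems in the remote command line.
    $bytes   = [Text.Encoding]::Unicode.GetBytes($ScriptBlock.ToString())
    $cmdLine = 'powershell.exe -NoProfile -NonInteractive -EncodedCommand ' +
               [Convert]::ToBase64String($bytes)
    $r = Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList $cmdLine `
                          -ComputerName $ComputerName -Credential $Credential
    # ReturnValue 0 = created; 2 = access denied; 3 = insufficient privilege;
    # 8 = unknown failure; 9 = path not found; 21 = invalid parameter.
    if ($r.ReturnValue -ne 0) {
        throw "Win32_Process.Create on $ComputerName failed, ReturnValue $($r.ReturnValue)"
    }
    # The process runs non-interactively as a child of WmiPrvSE.exe on the target;
    # that parent/child pair is what process-creation detections usually key on.
    # Poll Win32_Process until the PID is gone, i.e. the script block has finished.
    do {
        Start-Sleep -Seconds 1
        $alive = Get-WmiObject -Class Win32_Process -Filter "ProcessId = $($r.ProcessId)" `
                               -ComputerName $ComputerName -Credential $Credential
    } while ($alive)
    return $r.ProcessId
}

function Get-RemoteFolderSizeViaWmi {
    param([string]$ComputerName, [pscredential]$Credential, [string]$Drive, [string]$Folder)
    # CIM_DataFile answers the "file sizes in a folder" comment with a pure WMI
    # query, no process creation. WQL needs every backslash doubled and Path must
    # start and end with one; the filter matches that folder only, not subfolders.
    $wqlPath = ('\' + $Folder.Trim('\') + '\').Replace('\', '\\')
    Get-WmiObject -Class CIM_DataFile -Filter "Drive='$Drive' AND Path='$wqlPath'" `
                  -ComputerName $ComputerName -Credential $Credential |
        Measure-Object -Property FileSize -Sum |
        Select-Object Count, @{ Name = 'Bytes'; Expression = { $_.Sum } }
}

# Usage with placeholder host name; the script block leaves its result on the target.
$cred = Get-Credential
Invoke-RemoteScriptViaWmi -ComputerName 'SERVER01' -Credential $cred -ScriptBlock {
    Get-Date | Set-Content -Path 'C:\Windows\Temp\wmi-run.txt'
}
Get-RemoteFolderSizeViaWmi -ComputerName 'SERVER01' -Credential $cred -Drive 'C:' -Folder '\Windows\Temp'
```

Fetching the result file afterwards needs a second channel (an admin share or another CIM_DataFile query), since WMI itself never returns the remote process's output.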