I'm interested in executing powershell scripts on a computer behind a firewall. What ports will I need to have open? Will any special configuration be needed or I'll be just be able to connect to a fresh install of Windows Server 2008 r2 and start executing my scripts?
Asked
Active
Viewed 4,338 times
4 Answers
7
PowerShell 2 will do remoting over WinRM (WinRM is already available, since Windows 2003 R2, IIRC). WinRM is just SOAP over HTTP[S]. So the port is 80 by default, 443 for SSL by default.
Here's a quick overview on PS2 remoting, and one on WinRM for 2003.
MichaelGG
- 9,976
- 1
- 39
- 82
-
To clarify that PowerShell v2 will also require WinRM 2 (currently in CTP also). Windows Server 2008, for example, is bundled with WinRM 1.1, but WinRM 2 must be used to fully integrate with PowerShell v2. – Marco Shaw Feb 10 '09 at 15:26
7
MichaelGG got it right - all you need to do is use the native remoting available in PowerShell V2. It gives you a crazy degree of control over networking all using the WS-MAN protocol (that is a standard management protocol which is implemented by our WINRM service).
The way the V2 remoting works is that you can invoke a command (single command, pipeline, set of commands, or entire script) on a remote machine(s) and specify how you want that command to run.
e.g.
Invoke-Command {get-process} -Computername (cat servers.txt)
Invoke-Command
(1)-ScriptBlock | -Command <ScriptBlock>
(0)[-ComputerName | -Cn <String[]>]
[-ApplicationName <String>]
[-ArgumentList | -Args <Object[]>]
[-AsJob ]
[-Authentication <Basic | Credssp | Default | Digest | Kerberos | Negotiate | NegotiateWithImplicitCredential>]
[-CertificateThumbprint <String>]
[-ConfigurationName <String>]
[-Credential <PSCredential>]
[-HideComputerName | -HCN ]
[-InputObject <PSObject> (ByValue)]
[-JobName <String>]
[-Port <1->]
[-SessionOption <System.Management.Automation.Remoting.PSSessionOption>]
[-ThrottleLimit <Int>]
[-UseSSL ]
You can also provide SessionOptions
New-WSManSessionOption
[-NoEncryption ]
[-OperationTimeout <0->]
[-ProxyAccessType <ProxyAutoDetect | ProxyIEConfig | ProxyNoProxyServer | ProxyWinHttpConfig>]
[-ProxyAuthentication <Basic | Digest | Negotiate>]
[-ProxyCredential <PSCredential>]
[-SkipCACheck ]
[-SkipCNCheck ]
[-SkipRevocationCheck ]
[-SPNPort <0->]
[-UseUTF16 ]
New-WSManSessionOption
[-NoEncryption ]
[-OperationTimeout <0->]
[-ProxyAccessType <ProxyAutoDetect | ProxyIEConfig | ProxyNoProxyServer | ProxyWinHttpConfig>]
[-ProxyAuthentication <Basic | Digest | Negotiate>]
[-ProxyCredential <PSCredential>]
[-SkipCACheck ]
[-SkipCNCheck ]
[-SkipRevocationCheck ]
[-SPNPort <0->]
[-UseUTF16 ]
As you can see, you can specify how to traverse proxies, you can provide one set of credentials to the proxy and a different set of credentials to the endpoint. All that said, the simple case is that you don't specify anything and we'll use port 80.
Experiment! Enjoy! Engage!
Jeffrey Snover [MSFT]
Windows Management Partner Architect
Russ Cam
- 124,184
- 33
- 204
- 266
Jeffrey Snover - MSFT
- 10,173
- 4
- 21
- 13
-
Would you update this to show the correct port numbers mentioned by Aleksandar? – makerofthings7 Mar 28 '12 at 17:21
3
The default ports used for WS-Management and PowerShell remoting have been changed to 5985 an 5986 for connections over HTTP and HTTPS, respectively.
More details at Windows Management Infrstructure blog - http://blogs.msdn.com/wmi/archive/2009/07/22/new-default-ports-for-ws-management-and-powershell-remoting.aspx
aleksandar
- 203
- 2
- 5
-1
What ports you need open is entirely dependent on what you plan to be doing in your scripts.
GEOCHET
- 21,119
- 15
- 74
- 98