powershell or cmd for remote administration

i frequently use remote desktop, gotoassist express and logmein to administer servers or end user terminals.

in certain circumstances there is significant latency or low bandwidth where a full console is either slow, superfluous (i.e. if i'm using powershell to administer exchange via rdp) or overkill (i.e. an end user would like to use the machine at the same time, and i need to use cmd, robocopy, wget, etc)

in this circumstances i'd like a simple facility for enabling remote administration via powershell or cmd. assuming i already have full access to the machine via gotoassist, logmein, etc, what would be the simplest method for enabling this?

winrm would be a superb technology, but it's far too messy to setup. something ad-hoc would be excellent, but the simpler the better. ideally something as simple as gotoassist's 'open the program, enter this code and we'll open the tunnel for you' would be perfect. needless to say this is over the internet and would have to be 100% secure and encrypted, however.

Aaron

Posted 2011-04-07T11:03:22.447

Reputation: 864

Answers

I would look into a generic SSH daemon for Windows. OpenSSH (free, but difficult to configure and you may be stuck in a POSIX environment) or Bitvise's WinSSHD (easy to set up but not free) are two possibilities. WinRM is the Microsoft solution to this problem, however.

Another alternative is to use Sysinternal's PSExec. I have in the past written batch files which copy a second batch file using Administrative shares (\\C$) to the remote system, and then PSExec will launch that second batch file. That works well on clients, but I'd be hesitant about doing it on servers.

You could always be a Bad Admin(TM) and enable the Telnet Server on older Windows clients, and then disable it again once you're finished!

Bacon Bits

Posted 2011-04-07T11:03:22.447

Reputation: 6 125

psexec is not much more secure than Telnet. Both use plain text for everything except authentication. (Windows Telnet server and client use NTLM by default. Admittedly, they can't do Kerberos, whereas it is possible for SMB, which psexec uses.) – user1686 – 2011-04-08T14:47:11.047

Also, re "copy a second batch file using Administrative shares": \\server\ADMIN$, the default for psexec -c, would be just a little better, in case the machine happens to not have a C:. (99% of the time, this is something that only I worry about.) – user1686 – 2011-04-08T14:51:01.950

i completetly agree using a ssh daemon. I use BitVise Winsshd. Its extremely simple to configure and very powerful at the same time. The responsiveness of the remote shell is perfect. – mjsr – 2011-04-10T22:21:45.960

Somehow managed to miss the "over-the-Internet" part of the last line. I would use SSH or a VPN to ensure security, as, yeah, the other methods are only feasible on a LAN. – Bacon Bits – 2011-04-10T22:59:53.997

todays answer to this question is probably: powershell remoting before I got into it I used http://www.freesshd.com/ which is a very simple to setup windows ssh service (to connect to with putty)

Basically, to enable Powershell remoting on machine "pc1" with ip "10.11.12.13" start powershell (Version 2.0 and newer) as admin on "pc1" and type

enable-psremoting

To connect to "pc1" from "pcadmin" you type this on "pcadmin"

enter-pssession 10.11.12.13 -credentials userNameOfpc1

I write "basically because there are some (a handfull, but not difficult) security configurations to make, but these depend on the environment (domain, trust...)

eli

Posted 2011-04-07T11:03:22.447

Reputation: 436

Sounds like you are after something like /n Software's Powershell SSH Server or Quest's PowerGui Pro Mobile Shell.

For me, lacking company support for those fancy alternatives, I start a VPN session and use the directions found in the eBook: Layman’s Guide to PowerShell 2.0 Remoting.

Nathan Hartley

Posted 2011-04-07T11:03:22.447

Reputation: 107