Active Directory - Configure Windows Remote Management (WinRM)
WinRM is a service that is started on Windows Server 2008 and above. The server-side listener must be configured on every host before it will accept requests. For this configuration to be secure, all connections should be over HTTPS.
Configuring WinRM to use SSL to encrypt all of its traffic requires that each host has a valid Server Authentication certificate with a CN matching the hostname.
The following command will configure WinRM:
winrm quickconfig -transport:https
Verify that TCP/5986 is open in the firewall and you should be all set. When connecting, be sure to use the computer name as it appears in the CN of the server certificate, and pass the "-UseSSL" argument.
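A local pre-flight check for the requirements described above (a Server Authentication certificate with a CN matching the hostname, an HTTPS listener, and the HTTPS port), added here as an example and not part of the original page. The function name Test-WinRMHttpsReadiness is hypothetical; the script assumes PowerShell 3.0 or later on Windows Server 2012 or later, an elevated session, and a certificate installed in LocalMachine\My.

```powershell
# Added example: local pre-flight check for a WinRM HTTPS listener.
# Assumes PowerShell 3.0+, Server 2012+ (Get-NetTCPConnection), elevated session.
function Test-WinRMHttpsReadiness {   # hypothetical helper name
    param(
        # Name clients will connect with; assumed to be this host's FQDN.
        [string]$HostName = [System.Net.Dns]::GetHostEntry('').HostName
    )

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

    # Unexpired machine certificates with a private key, the Server
    # Authentication EKU, and a subject CN equal to the expected host name.
    $certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid -and
        $_.GetNameInfo('SimpleName', $false) -eq $HostName
    })

    # HTTPS listeners currently defined in the WinRM configuration.
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
        Where-Object { $_.Transport -eq 'HTTPS' })

    # Thumbprints bound to those listeners, normalised for comparison.
    $bound = @($listeners | ForEach-Object { $_.CertificateThumbprint -replace '\s', '' })

    # Is anything actually listening on the HTTPS port (5986 by default)?
    $port = if ($listeners) { [int]$listeners[0].Port } else { 5986 }
    $listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        HostName             = $HostName
        MatchingCertCount    = $certs.Count
        HttpsListenerExists  = $listeners.Count -gt 0
        ListenerUsesGoodCert = [bool]($certs | Where-Object { $bound -contains $_.Thumbprint })
        Port                 = $port
        PortListening        = $listening
    }
}

Test-WinRMHttpsReadiness | Format-List
```

This check does not test the firewall path; from a client, `Test-WSMan -ComputerName computer.domain.tld -UseSSL` confirms the connection end to end.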
Now you should be able to use the following commands:
Run a command on a remote server:
Invoke-Command -computer computer.domain.tld -scriptblock {Get-Service Server} -UseSSL
Run a local script on a remote server:
Invoke-Command -computer computer.domain.tld -FilePath C:\scripts\test.ps1 -UseSSL
Execute a command on multiple remote servers:
$Servers = @("RemoteHost1.domain.tld", "RemoteHost2.domain.tld", "RemoteHost3.domain.tld")
Invoke-Command -ComputerName $Servers -ScriptBlock {Get-Service Server} -UseSSL
Force Group Policy Update on all Domain Controllers:
Invoke-Command -comp $((Get-ADComputer -f * -searchbase "ou=domain controllers,dc=domain,dc=tld").dnshostname) -ScriptBlock {gpupdate /target:computer /force} -UseSSL
Connect to a local/remote computer by name:
Enter-PSSession -ComputerName RemoteHost.domain.tld -UseSSL