Windows Remote Execution

This article compares different ways to run commands or executable remotely on one or multiple windows computers. I have came up with 4 option:

- WMI script

- WMIC

- Power Shell

- PSExac

- Task Scheduler

Those options are build in in Operating System with exception of PSexec that is part of system internal tools (now part of Microsoft) also available to download for free. There are many 3-rd party products that can execute command remotely like Microsoft System Center Configuration Manager, Microsoft System Center Operation manager, IBM Tivoli, 1E, BNC, HP OpenView, Novell ZenWork, but all of them requires that you have an agent installed on remote computer.

Differences between methods

I made a small comparison chart that summarizes the differences between these methods:

Syntax Examples:

WMIC"

WMIC /node:ComputerName process create call "cmd.exe /c ipconfig /all >c:\ipconfig.txt"

wmic /NODE: "RemoteComputer bios get serialnumber

PSexec:

psexec \\computername ipconfig /all

Task Scheduler:

SCHTASKS /create /tn "My test Script" /tr "\"c:\script.cmd\" arguments" /sc daily /sd 3/29/2015 /st 11:00

WMI Script:

' Initiate WMI connection to remote computer

'--------------------------------------------------------------------------

Set objWMIService = GetObject("winmgmts:& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2:Win32_Process")

' Run script

'-----------------------------------------------------------------------------

Return = objWMIService.Create(strCmd,null,null,intProcessID)

if Return = 0 Then

Wscript.Echo strCmd & " Started with a process ID of & intProcessID & "."

Else

Wscript.Echo strCmd & " Could not be started. Error: " & Return & "."

End If

Power Shell Remote Execution

To automate administration with Windows PowerShell Remoting, follow these steps:

Enable Windows PowerShell Remoting on the remote computer by running the following command in an elevated PowerShell session:

Enable-PSRemoting -Force

Ensure that the WinRM service is started and set to automatic startup by running the following command:

Set-Service -Name WinRM -StartupType Automatic

Ensure that the Windows Firewall is configured to allow incoming remote connections by running the following command:

Enable-NetFirewallRule -Name "WINRM-HTTP-In-TCP"

Test the remote connection by running the following command:

Test-WSMan <remote_computer_name>

Once you have verified that the remote connection is working, you can use the Enter-PSSession cmdlet to establish a remote PowerShell session with the remote computer:

Enter-PSSession -ComputerName <remote_computer_name>

You can then execute PowerShell commands on the remote computer as if you were sitting in front of it.

Note that for this to work, both the local and remote computers must be running Windows PowerShell 2.0 or later, and they must be joined to the same domain or have a trust relationship established between them.

Using PowerShell Remoting, you can automate a wide range of administrative tasks, from running simple commands on remote computers to deploying software and configuring system settings. With the right tools and knowledge, PowerShell Remoting can be a powerful and efficient way to manage your Windows infrastructure.

Note, Scripts deployed through Intune are ran as administrator/system and don't require any local policy change to allow the execution of PowerShell scripts on the device.

If we have Intune or MECM, then we can deploy following PowerShell Script to enable and configure PowerShell remoting:

# Enable WinRM

Enable-PSRemoting -Force

# Set WinRM -StartupType as "Automatic"

Set-Service -Name WinRM -StartupType Automatic

# Configure Firewall to allows TCP the local port (5985), the direction of the traffic (inbound), and the profile (domain).

Enable-NetFirewallRule -Name "WINRM-HTTP-In-TCP"

# Start WinRM

Start-Service -Name WinRM

Once you have enabled Power Shell remoting , you can also use PowerShell ISE:

Google Sites

Report abuse