1
00:00:00,340 --> 00:00:02,940
So what is PowerShell remoting?

2
00:00:02,940 --> 00:00:04,630
Well, if we were to sum this up,

3
00:00:04,630 --> 00:00:07,910
it's a PowerShell feature that allows you as the

4
00:00:07,910 --> 00:00:12,040
administrator to execute commands on remote systems.

5
00:00:12,040 --> 00:00:13,720
So fairly straightforward really,

6
00:00:13,720 --> 00:00:17,960
I can just connect from my workstation to something else.

7
00:00:17,960 --> 00:00:20,790
Now, from a PowerShell remoting perspective, how does this work?

8
00:00:20,790 --> 00:00:26,340
Well, imagine that we have a local computer and then we have a remote computer.

9
00:00:26,340 --> 00:00:31,940
On the local computer, there's a PowerShell executable called powershell.exe.

10
00:00:31,940 --> 00:00:37,400
That process makes a connection out using WSMan, or HTTP,

11
00:00:37,400 --> 00:00:39,640
which is the default for Windows 10,

12
00:00:39,640 --> 00:00:44,760
and then it makes a connection out to the remote computer where it also

13
00:00:44,760 --> 00:00:50,600
has an HTTP listener waiting for a request coming in.

14
00:00:50,600 --> 00:00:55,410
It listens for that request, which is then tied to the WinRM service,

15
00:00:55,410 --> 00:00:58,590
which we'll talk about, which is the Windows Remote Management service.

16
00:00:58,590 --> 00:01:02,430
And then that is connected directly to the PowerShell

17
00:01:02,430 --> 00:01:07,940
executable on that remote machine, which then will return a response back,

18
00:01:07,940 --> 00:01:12,780
and then you end up with, effectively, like a VPN tunnel between two machines.

19
00:01:12,780 --> 00:01:17,550
Not really a VPN tunnel, but the session is connected over specific protocols,

20
00:01:17,550 --> 00:01:24,040
in this case HTTP, and then the commands can run from one to another.

21
00:01:24,040 --> 00:01:28,830
Now PowerShell remoting itself allows us to connect to other machines,

22
00:01:28,830 --> 00:01:31,200
but there are four things that it does for us.

23
00:01:31,200 --> 00:01:35,040
It will manage the connection between the two,

24
00:01:35,040 --> 00:01:38,680
it allows us to pass credentials, or authenticate

25
00:01:38,680 --> 00:01:42,240
between the two or multiple machines,

26
00:01:42,240 --> 00:01:45,850
it then allows us to execute those commands through

27
00:01:45,850 --> 00:01:47,900
that tunnel that's now been created.

28
00:01:47,900 --> 00:01:51,120
And then what's really special is it returns the

29
00:01:51,120 --> 00:01:53,380
output from the remote machines.

30
00:01:53,380 --> 00:01:55,940
So if I execute a command, for example,

31
00:01:55,940 --> 00:01:58,770
that says get me the name of the computer,

32
00:01:58,770 --> 00:02:02,140
and I run it from my workstation, which is called Liam,

33
00:02:02,140 --> 00:02:04,990
and the other workstation is called Test,

34
00:02:04,990 --> 00:02:08,590
when I execute the command through the session,

35
00:02:08,590 --> 00:02:16,000
I will end up with it returning back Test, not Liam, because I executed the command remotely.

