1
00:00:00,540 --> 00:00:04,030
So let's talk about enabling PowerShell Remoting so we can

2
00:00:04,030 --> 00:00:07,410
execute some of these commands and use some of those

3
00:00:07,410 --> 00:00:09,940
benefits that are offered to us.

4
00:00:09,940 --> 00:00:14,410
So first off, we have to understand remote connections and what that means.

5
00:00:14,410 --> 00:00:17,840
Now PowerShell Remoting was primarily designed for

6
00:00:17,840 --> 00:00:21,350
connecting and managing server farms, etc.,

7
00:00:21,350 --> 00:00:24,880
workstations within an enterprise environment, somewhere where there's an

8
00:00:24,880 --> 00:00:28,070
Active Directory server. So you have an Active Directory server,

9
00:00:28,070 --> 00:00:32,460
you have servers that are connected to that domain as members, and you

10
00:00:32,460 --> 00:00:36,440
have workstations that are also connected. That's what it was

11
00:00:36,440 --> 00:00:41,130
originally designed for because there's inherent trust built in to the

12
00:00:41,130 --> 00:00:44,340
workstations, and the domain, and the servers, and so passing

13
00:00:44,340 --> 00:00:47,580
credentials doesn't tend to be an issue because we're all part of the

14
00:00:47,580 --> 00:00:54,240
same happy family. Now, PowerShell Remoting works great that way; however,

15
00:00:54,240 --> 00:00:58,330
it can also work in environments where we're not members of a domain or we're

16
00:00:58,330 --> 00:01:03,520
in a different platform other than Windows. To achieve this, there are three

17
00:01:03,520 --> 00:01:06,440
kind of protocols that are used for the connections.

18
00:01:06,440 --> 00:01:09,450
The first one, I already mentioned this, is HTTP, which

19
00:01:09,450 --> 00:01:11,510
is the Windows 10 default option.

20
00:01:11,510 --> 00:01:15,230
So if you want to enable PowerShell Remoting, the default connection is

21
00:01:15,230 --> 00:01:20,290
HTTP. Now, of course, we can change that one to HTTPS. This will require

22
00:01:20,290 --> 00:01:26,140
you as IT at Globomantics to acquire, provision, and manage certificates

23
00:01:26,140 --> 00:01:29,740
in order for that to work, and it's actually quite a complicated option

24
00:01:29,740 --> 00:01:31,240
if you wish to use that.

25
00:01:31,240 --> 00:01:34,360
So Microsoft understood this and realized that for lots of

26
00:01:34,360 --> 00:01:37,950
organizations it was just a no go, and so most of the time,

27
00:01:37,950 --> 00:01:41,140
it was HTTP or WSMan connections.

28
00:01:41,140 --> 00:01:46,400
Now, of course, what Microsoft also realized is that not every environment runs

29
00:01:46,400 --> 00:01:51,070
just Windows. Maybe you're one of those environments where you run Linux or

30
00:01:51,070 --> 00:01:54,040
other applications that are not Microsoft Windows.

31
00:01:54,040 --> 00:01:58,360
So SSH has been available since PowerShell Core version 6 or

32
00:01:58,360 --> 00:02:02,510
higher, and this allows cross‑platform connecting, but it can

33
00:02:02,510 --> 00:02:04,660
also work within Windows as well.

34
00:02:04,660 --> 00:02:07,550
So if you don't want to use HTTP or HTTPS,

35
00:02:07,550 --> 00:02:11,500
you can actually allow remote connections to Windows and Linux over

36
00:02:11,500 --> 00:02:14,630
SSH. And so we'll talk about both of these options,

37
00:02:14,630 --> 00:02:18,940
the HTTP WSMan version and the SSH, and we'll kind of walk

38
00:02:18,940 --> 00:02:20,890
through the process of how we enable that.

39
00:02:20,890 --> 00:02:25,190
So let's first look at how we enable PowerShell Remoting for WSMan.

40
00:02:25,190 --> 00:02:28,960
Now we have two core options that we can utilize when using

41
00:02:28,960 --> 00:02:31,960
PowerShell. Now the first one is to use a command called

42
00:02:31,960 --> 00:02:34,480
Set‑WSManQuickConfig. By the way,

43
00:02:34,480 --> 00:02:38,620
I love commands like this that basically tell me exactly what it's going to do,

44
00:02:38,620 --> 00:02:42,130
and I don't have to do anything. I can literally execute that command, and it

45
00:02:42,130 --> 00:02:47,040
will enable effectively the Windows 10 default. If I wanted to make it a bit

46
00:02:47,040 --> 00:02:50,160
more secure and use SSL, isn't that amazing?

47
00:02:50,160 --> 00:02:53,070
I can literally just put a parameter called ‑UseSSL,

48
00:02:53,070 --> 00:02:55,040
and it will do the same thing.

49
00:02:55,040 --> 00:02:55,450
Now,

50
00:02:55,450 --> 00:02:57,990
the other option that we've got is to use a different command that's

51
00:02:57,990 --> 00:03:02,390
available called Enable‑PSRemoting, and I can do ‑Force to make sure that

52
00:03:02,390 --> 00:03:04,460
goes in. And this is one of the most common.

53
00:03:04,460 --> 00:03:05,100
So for example,

54
00:03:05,100 --> 00:03:08,270
if I was showing you on a Windows 10 machine that I was using

55
00:03:08,270 --> 00:03:11,000
locally I wanted to enable PS Remoting,

56
00:03:11,000 --> 00:03:14,240
I could just run that command. And, of course, one of the

57
00:03:14,240 --> 00:03:17,700
issues that we sometimes get is that depending on how the

58
00:03:17,700 --> 00:03:20,630
network is defined within Windows, whether it's private,

59
00:03:20,630 --> 00:03:23,320
public, etc., we can sometimes have an issue.

60
00:03:23,320 --> 00:03:27,640
So, luckily for us, we have another property called SkipNetworkProfileCheck

61
00:03:27,640 --> 00:03:30,900
that will actually bypass that and then enable PS Remoting.

62
00:03:30,900 --> 00:03:33,800
Now you will need to say yes or no, depending on the

63
00:03:33,800 --> 00:03:35,540
configuration that you wish to go with.

64
00:03:35,540 --> 00:03:38,800
So two kind of core options, one that's going to do the quick

65
00:03:38,800 --> 00:03:41,540
config for you, and it's fairly out of the box.

66
00:03:41,540 --> 00:03:44,740
The other one allows a little bit more flexibility.

67
00:03:44,740 --> 00:03:47,400
Now, of course, if you're not an administrator on the

68
00:03:47,400 --> 00:03:50,170
device, then of course, you can't execute some of these

69
00:03:50,170 --> 00:03:52,210
commands because they make core changes.

70
00:03:52,210 --> 00:03:55,480
So, for those non administrators,

71
00:03:55,480 --> 00:03:59,610
one of the options that we do have is to use a security group.

72
00:03:59,610 --> 00:04:03,090
So we can first define an Active Directory security group,

73
00:04:03,090 --> 00:04:08,360
maybe call it remote users, and then we simply add that security group to the

74
00:04:08,360 --> 00:04:13,140
Remote Management Users group that's local to the computer.

75
00:04:13,140 --> 00:04:18,550
So if we want to say Liam is on his laptop and he doesn't have admin access,

76
00:04:18,550 --> 00:04:21,690
we can grant him access to that one and then to the other

77
00:04:21,690 --> 00:04:24,240
device that he needs to connect to.

78
00:04:24,240 --> 00:04:26,670
Now the other option that we've got is what about if we want

79
00:04:26,670 --> 00:04:29,530
to, as part of our Globomantics management,

80
00:04:29,530 --> 00:04:34,940
we want to be able to remote into multiple machines at the same time.

81
00:04:34,940 --> 00:04:39,450
Now, of course, let's go back to our idea of our server farm having 100 servers.

82
00:04:39,450 --> 00:04:43,620
Now I don't really want to go to every single server and basically run

83
00:04:43,620 --> 00:04:47,620
the PowerShell that says enable PS Remoting, which I have seen people do,

84
00:04:47,620 --> 00:04:50,180
so there has to be a faster and easier way.

85
00:04:50,180 --> 00:04:54,050
Well, sure enough, there is. We can actually utilize Group Policy.

86
00:04:54,050 --> 00:04:57,870
Now what Group Policy does is it basically represents the configuration

87
00:04:57,870 --> 00:05:01,240
changes that the PowerShell would make if we executed it,

88
00:05:01,240 --> 00:05:03,640
but does it as part of a Group Policy.

89
00:05:03,640 --> 00:05:04,350
So to do that,

90
00:05:04,350 --> 00:05:07,660
we open the Group Policy Management tool. We make sure we go to the

91
00:05:07,660 --> 00:05:11,160
Computer Configuration option. We're going to navigate through to the

92
00:05:11,160 --> 00:05:15,520
Windows Remote Management, or the WinRM settings, and then we basically

93
00:05:15,520 --> 00:05:19,740
allow the option for the WinRM service to be enabled, and set up, and

94
00:05:19,740 --> 00:05:23,990
configured. And so it's a fairly painless process, but what's nice about

95
00:05:23,990 --> 00:05:27,760
this is that we make a Group Policy change, all of the servers auto

96
00:05:27,760 --> 00:05:28,300
refresh,

97
00:05:28,300 --> 00:05:32,340
get the new Group Policy, and then the service becomes available

98
00:05:32,340 --> 00:05:35,640
and ready for us to do PowerShell Remoting.

99
00:05:35,640 --> 00:05:41,310
So let's say that we don't want to use WSMan or maybe we have Linux servers

100
00:05:41,310 --> 00:05:46,560
that we wish to utilize, so we can utilize the SSH option instead. Now, of

101
00:05:46,560 --> 00:05:48,810
course, Windows does support that as well.

102
00:05:48,810 --> 00:05:50,690
So in order for us to use it in Windows,

103
00:05:50,690 --> 00:05:55,340
we first install the latest version of Powershell, so PowerShell 7 and upwards.

104
00:05:55,340 --> 00:06:00,070
We'll then install the latest version of OpenSSH. Once that's installed,

105
00:06:00,070 --> 00:06:04,680
we'll then define the SSH configuration, so imagine like a config file

106
00:06:04,680 --> 00:06:09,400
where we can put entries in etc., and then we restart that service to bring

107
00:06:09,400 --> 00:06:11,940
it back up with the new configuration.

108
00:06:11,940 --> 00:06:15,710
Now to do this, we would need to prepare the Windows 10 for that one.

109
00:06:15,710 --> 00:06:20,020
So our first installation task is to put OpenSSH.Client and

110
00:06:20,020 --> 00:06:23,510
Server, and this is done by choosing Add‑WindowsCapability

111
00:06:23,510 --> 00:06:26,140
from online and adding those in.

112
00:06:26,140 --> 00:06:28,390
Now once they're in and installed,

113
00:06:28,390 --> 00:06:31,940
the next task is to make sure that the service that we just added,

114
00:06:31,940 --> 00:06:35,080
so the SSH service, starts up automatically.

115
00:06:35,080 --> 00:06:39,280
Otherwise, every time we reboot the server, we can't SSH back to it.

116
00:06:39,280 --> 00:06:42,520
So at this point, we can say set the service to Automatic, and

117
00:06:42,520 --> 00:06:44,980
then start that service. Now, of course,

118
00:06:44,980 --> 00:06:48,970
what's nice here is when Microsoft starts adding features like this,

119
00:06:48,970 --> 00:06:51,520
they also add other things that we can utilize.

120
00:06:51,520 --> 00:06:54,860
So, for example, we can install an import, Microsoft's PowerShell

121
00:06:54,860 --> 00:06:58,990
Remoting Module, which they created for things like this.

122
00:06:58,990 --> 00:07:03,040
So we'll first install the module, and then import the module.

123
00:07:03,040 --> 00:07:07,840
What this allows us to do is then to execute something that looks very similar

124
00:07:07,840 --> 00:07:12,360
to a previous command, which was called Enable‑PSRemoting, but we can say

125
00:07:12,360 --> 00:07:16,630
Enable‑SSHRemoting, and then we can restart the service.

126
00:07:16,630 --> 00:07:19,320
Then at that point, our Windows 10 environment is

127
00:07:19,320 --> 00:07:22,940
then ready for SSH connections.

128
00:07:22,940 --> 00:07:27,180
Now if we're not using Windows 10, and we actually have Linux into the

129
00:07:27,180 --> 00:07:30,950
equation, so something like Ubuntu, then the process is very similar.

130
00:07:30,950 --> 00:07:35,000
We first install the latest version of PowerShell. We then need to

131
00:07:35,000 --> 00:07:37,620
install the latest OpenSSH server,

132
00:07:37,620 --> 00:07:40,840
so a little bit different, but kind of the same idea.

133
00:07:40,840 --> 00:07:46,890
We then define the SSH configuration, and then we restart the SSH service.

134
00:07:46,890 --> 00:07:50,040
So both platforms are effectively the same,

135
00:07:50,040 --> 00:07:56,000
and that's what's nice about PowerShell being cross‑platform and remoting being cross‑platform.