1
00:00:00,040 --> 00:00:05,000
So let's go into our environment, and we'll first look at how we enable

2
00:00:05,000 --> 00:00:09,000
PowerShell Remoting, and we'll look at using WSMan first and the standard

3
00:00:09,000 --> 00:00:13,620
Windows 10 defaults, and then we'll go through the SSH configuration for

4
00:00:13,620 --> 00:00:19,220
both Windows 10 and also Linux. Our last task will be to review the Group

5
00:00:19,220 --> 00:00:25,060
Policy creation for PowerShell Remoting for if we were wanting to send it to

6
00:00:25,060 --> 00:00:30,320
multiple servers in our server farm. This is the Windows 10 administration

7
00:00:30,320 --> 00:00:31,160
workstation.

8
00:00:31,160 --> 00:00:33,820
This one, however, is connected to the domain,

9
00:00:33,820 --> 00:00:36,940
so this is connected to our training network.

10
00:00:36,940 --> 00:00:40,660
Now, when we want to configure PowerShell Remoting, there's a

11
00:00:40,660 --> 00:00:42,350
couple of different ways that we can do this.

12
00:00:42,350 --> 00:00:45,050
The first one is to use what's called WSMan,

13
00:00:45,050 --> 00:00:47,240
which is the standard communication.

14
00:00:47,240 --> 00:00:51,840
Now I'm going to launch here the Windows terminal. So, I've already

15
00:00:51,840 --> 00:00:54,950
installed this here. I'm going to say Run as administrator.

16
00:00:54,950 --> 00:00:56,400
Now just as a side note,

17
00:00:56,400 --> 00:00:59,800
often it's really good to run it as administrator just

18
00:00:59,800 --> 00:01:02,900
purely based on the fact that it won't, you know,

19
00:01:02,900 --> 00:01:04,910
have any limitations on permissions.

20
00:01:04,910 --> 00:01:07,140
So I'm going to make this a little bit bigger.

21
00:01:07,140 --> 00:01:11,480
So, I'm logged into my PowerShell console. Now the first thing

22
00:01:11,480 --> 00:01:17,120
that we can do is use a command called Set‑WSMan,

23
00:01:17,120 --> 00:01:22,050
and then it will be QuickConfig. Now, let me just get rid of that,

24
00:01:22,050 --> 00:01:28,130
Quick, and we can obviously tab through certain values if we need to,

25
00:01:28,130 --> 00:01:30,940
so QuickConfig, and I can press Enter here.

26
00:01:30,940 --> 00:01:34,540
Now when we press Enter at this point, we get the

27
00:01:34,540 --> 00:01:37,110
option to see what it's going to do.

28
00:01:37,110 --> 00:01:39,930
So when we run this specific command,

29
00:01:39,930 --> 00:01:44,150
what it will do is go through and perform those five

30
00:01:44,150 --> 00:01:45,960
specific tasks that are outlined.

31
00:01:45,960 --> 00:01:51,300
It will check whether the WinRM service is running. It will then

32
00:01:51,300 --> 00:01:54,880
set the service to make sure that when it reboots it starts

33
00:01:54,880 --> 00:01:59,740
automatically. It will then create the listener so that we can

34
00:01:59,740 --> 00:02:02,850
connect using that session,

35
00:02:02,850 --> 00:02:06,060
then it will enable any of the firewall exceptions for the

36
00:02:06,060 --> 00:02:08,510
communication, and then it will make sure that the

37
00:02:08,510 --> 00:02:10,490
authentication services are running.

38
00:02:10,490 --> 00:02:15,110
Now, I'm actually going to press no here because this is the training machine,

39
00:02:15,110 --> 00:02:17,640
the actual client workstation.

40
00:02:17,640 --> 00:02:20,760
What we're going to do is actually swap machines now, and

41
00:02:20,760 --> 00:02:25,340
we'll connect to the Active Directory server.

42
00:02:25,340 --> 00:02:27,160
So this is the Active Directory server.

43
00:02:27,160 --> 00:02:29,380
We can see this by going to the Start menu,

44
00:02:29,380 --> 00:02:33,050
Admin Tools, and you can see I've got Active Directory Users and Computers,

45
00:02:33,050 --> 00:02:36,720
etc., and you'll see our domain training. Now what I want to

46
00:02:36,720 --> 00:02:39,300
do is obviously enable PowerShell here.

47
00:02:39,300 --> 00:02:41,430
So I'm going to go to the PowerShell option.

48
00:02:41,430 --> 00:02:43,580
I'm going to right‑click here and choose Run as

49
00:02:43,580 --> 00:02:46,390
administrator, or I can run the ISE.

50
00:02:46,390 --> 00:02:50,800
For the purposes of this, I'm going to choose ISE and run it as administrator.

51
00:02:50,800 --> 00:02:54,980
Going forward, I would make a recommendation that you would utilize

52
00:02:54,980 --> 00:02:58,740
something like the Windows terminal instead of this.

53
00:02:58,740 --> 00:03:01,190
Now the reason we do this is because I can write the script in

54
00:03:01,190 --> 00:03:03,740
the top and see the execution in the bottom.

55
00:03:03,740 --> 00:03:10,690
So let me, once again, go here, WSManQuickConfig, and then if I go here,

56
00:03:10,690 --> 00:03:13,930
you'll see that I've got some various options available to me.

57
00:03:13,930 --> 00:03:17,350
So the first one is to use SSL. This means instead of

58
00:03:17,350 --> 00:03:23,020
creating the default HTTP connection, it will create an SSL connection.

59
00:03:23,020 --> 00:03:24,640
Now we're not going to utilize that.

60
00:03:24,640 --> 00:03:29,830
We also have another option called SkipNetworkProfileCheck. There's a 1

61
00:03:29,830 --> 00:03:34,440
to 1 relationship between the type of the network that it's connected to,

62
00:03:34,440 --> 00:03:38,400
as in what that machine sees it as, and you may have seen this at the

63
00:03:38,400 --> 00:03:42,170
domain profiles where it's public, private, and internal, etc.

64
00:03:42,170 --> 00:03:46,440
So you can check this option and say, actually, I

65
00:03:46,440 --> 00:03:48,490
want to skip that profile check.

66
00:03:48,490 --> 00:03:53,840
I can also come in, and I can use Force as well if I needed to. Now we'll just

67
00:03:53,840 --> 00:03:57,210
use Set‑WSManQuickConfig. I'm going to execute this here,

68
00:03:57,210 --> 00:04:00,740
select, and you'll see instead of it presenting it in

69
00:04:00,740 --> 00:04:02,180
the window like we did a moment ago,

70
00:04:02,180 --> 00:04:06,550
it props up a box. I'm going to choose yes, and it comes back

71
00:04:06,550 --> 00:04:09,760
and says WinRM is already set up to receive requests. It's

72
00:04:09,760 --> 00:04:11,460
already set for remote management.

73
00:04:11,460 --> 00:04:15,450
So what did that do if I hadn't got it enabled?

74
00:04:15,450 --> 00:04:20,020
Well, it would've gone through and configured all those components.

75
00:04:20,020 --> 00:04:25,370
So, for example, if I just press the Start menu here and type firewall,

76
00:04:25,370 --> 00:04:28,690
I can say check the firewall status here. I can then go to

77
00:04:28,690 --> 00:04:32,060
Advanced settings at the firewall. And if I make this a little

78
00:04:32,060 --> 00:04:34,640
bit bigger, we can scroll across,

79
00:04:34,640 --> 00:04:37,740
go to Inbound Rules. And then what you'll see is you've

80
00:04:37,740 --> 00:04:39,930
got a list of all the rules here.

81
00:04:39,930 --> 00:04:41,560
If we scroll up and down,

82
00:04:41,560 --> 00:04:46,270
you'll see that the Windows Remote Management pieces are now

83
00:04:46,270 --> 00:04:51,110
enabled because as part of that process it enabled those. So,

84
00:04:51,110 --> 00:04:53,220
you'll see that that's one of the components.

85
00:04:53,220 --> 00:04:55,430
It will have enabled the services also.

86
00:04:55,430 --> 00:05:01,240
So if I click the Start menu here and just type services,

87
00:05:01,240 --> 00:05:04,100
go here, we'll expand this a little bit.

88
00:05:04,100 --> 00:05:06,140
I'm going to put it in standard view,

89
00:05:06,140 --> 00:05:08,930
make this a little bit bigger, and we'll scroll all the way down

90
00:05:08,930 --> 00:05:12,250
to the bottom, and what you'll see is we're looking for the

91
00:05:12,250 --> 00:05:16,330
Windows Remote, and there's our WS‑Management service, which is

92
00:05:16,330 --> 00:05:18,640
automatically running as well.

93
00:05:18,640 --> 00:05:21,650
So when you enable it using any of those options,

94
00:05:21,650 --> 00:05:24,590
whether it's Set‑WSManQuickConfig or something else,

95
00:05:24,590 --> 00:05:26,000
it will turn these on.

96
00:05:26,000 --> 00:05:32,740
Now the other option is that we can actually say Enable‑PSRemoting.

97
00:05:32,740 --> 00:05:35,590
Now when we look at the properties, you'll notice we get the same thing,

98
00:05:35,590 --> 00:05:40,400
so Force and Skip, but if we execute just Enable, what you'll

99
00:05:40,400 --> 00:05:45,460
see is this goes ahead and just automatically tries to configure

100
00:05:45,460 --> 00:05:54,000
PS Remoting. This is the one that you would run on the client side, on the server side, depending on how you wanted to try and communicate.