1
00:00:00,240 --> 00:00:04,200
Okay, so now that we've added trusted host entries,

2
00:00:04,200 --> 00:00:05,510
we've also got the credentials,

3
00:00:05,510 --> 00:00:10,340
our next task is to look at creating and removing PowerShell sessions,

4
00:00:10,340 --> 00:00:11,940
which is really the objective here,

5
00:00:11,940 --> 00:00:17,340
is how do we connect and create sessions for management?

6
00:00:17,340 --> 00:00:19,940
So to create PowerShell sessions,

7
00:00:19,940 --> 00:00:23,130
we can use what's referred to as the ‑ComputerName parameter.

8
00:00:23,130 --> 00:00:27,400
Now, not every cmdlet in PowerShell provides this, but some of them do.

9
00:00:27,400 --> 00:00:30,490
So we can actually go in and say execute this command,

10
00:00:30,490 --> 00:00:34,930
blah blah blah, ‑ComputerName and then pass the name of the

11
00:00:34,930 --> 00:00:38,040
computer we want to execute the command on.

12
00:00:38,040 --> 00:00:41,540
And what that will do is, as long as remoting is enabled,

13
00:00:41,540 --> 00:00:45,900
it will then send the commands directly over to that machine and

14
00:00:45,900 --> 00:00:50,430
then execute them and return any information back.

15
00:00:50,430 --> 00:00:55,490
The second option is to utilize what's called Invoke‑Command. Invoke‑Command

16
00:00:55,490 --> 00:00:59,280
allows me to say this is the machine or set of machines,

17
00:00:59,280 --> 00:01:02,270
invoke the command on those machines,

18
00:01:02,270 --> 00:01:05,640
and it will do the same thing as using the ‑ComputerName.

19
00:01:05,640 --> 00:01:09,540
We also have what's called using Interactive PowerShell sessions.

20
00:01:09,540 --> 00:01:13,000
Now an interactive PowerShell session is effectively that.

21
00:01:13,000 --> 00:01:17,740
It's as if you are on the other machine writing commands,

22
00:01:17,740 --> 00:01:20,440
and they are executing.

23
00:01:20,440 --> 00:01:23,740
So how do we create a session using the Invoke‑Command?

24
00:01:23,740 --> 00:01:23,980
Well,

25
00:01:23,980 --> 00:01:28,340
you can see from here the Invoke‑Command also takes a ‑ComputerName property.

26
00:01:28,340 --> 00:01:33,150
So in this instance, I'm going to say invoke this command on this computer,

27
00:01:33,150 --> 00:01:36,600
so 10.0.0.5, so probably our Active Directory Server,

28
00:01:36,600 --> 00:01:41,390
and then the ScriptBlock is what I want to execute,

29
00:01:41,390 --> 00:01:44,940
so in this instance it's going to be another PowerShell command.

30
00:01:44,940 --> 00:01:48,700
So what you can expect from here is I want to get the computer

31
00:01:48,700 --> 00:01:53,340
information from the Globomantics Active Directory Server.

32
00:01:53,340 --> 00:01:55,000
I'm going to execute this command.

33
00:01:55,000 --> 00:01:58,030
It's going to run Get‑ComputerInfo over there,

34
00:01:58,030 --> 00:02:00,330
and then return the values back to me.

35
00:02:00,330 --> 00:02:01,180
Now, of course,

36
00:02:01,180 --> 00:02:04,220
what happens if you don't want to run an existing PowerShell command,

37
00:02:04,220 --> 00:02:07,240
but you want to run a PowerShell script that you've already

38
00:02:07,240 --> 00:02:09,810
written or saved or copied somewhere?

39
00:02:09,810 --> 00:02:12,800
In that instance, the syntax is the same,

40
00:02:12,800 --> 00:02:16,830
except we don't use ScriptBlock this time; we use FilePath,

41
00:02:16,830 --> 00:02:23,240
and the FilePath is to a location where that PowerShell script belongs.

42
00:02:23,240 --> 00:02:25,460
We can also then create what's referred to as

43
00:02:25,460 --> 00:02:28,450
persistent connections and execute commands.

44
00:02:28,450 --> 00:02:32,330
Now what that means is, we're actually going to create the session first,

45
00:02:32,330 --> 00:02:33,810
a persistent session,

46
00:02:33,810 --> 00:02:37,340
which means it's not going to go away until we kind of close it down.

47
00:02:37,340 --> 00:02:40,350
So that would dictate that when we use an

48
00:02:40,350 --> 00:02:43,240
Invoke‑Command or use the ‑ComputerName,

49
00:02:43,240 --> 00:02:46,140
it's only for a short space of time, which is correct.

50
00:02:46,140 --> 00:02:50,040
So if we want to retain that session for later use,

51
00:02:50,040 --> 00:02:52,840
to be able to drop in and out of the session,

52
00:02:52,840 --> 00:02:57,410
then we first use New‑PSSession, so new PowerShell session,

53
00:02:57,410 --> 00:02:58,620
to the remote computer,

54
00:02:58,620 --> 00:03:02,090
and then once we have that we can then use Invoke‑Command

55
00:03:02,090 --> 00:03:04,520
but instead of passing the ‑ComputerName,

56
00:03:04,520 --> 00:03:08,560
we pass the session that we already created and then

57
00:03:08,560 --> 00:03:10,370
whatever commands we wish to execute.

58
00:03:10,370 --> 00:03:12,620
So fairly straightforward to be able to do that.

59
00:03:12,620 --> 00:03:16,990
So a couple of different ways I've been able to send commands and

60
00:03:16,990 --> 00:03:21,540
PowerShell scripts to remote machines and have them execute.

61
00:03:21,540 --> 00:03:24,230
Now we did talk about using interactive sessions.

62
00:03:24,230 --> 00:03:24,710
Now,

63
00:03:24,710 --> 00:03:28,240
an interactive session requires us to use something called

64
00:03:28,240 --> 00:03:31,000
Enter‑PSSession or maybe New‑PSSession.

65
00:03:31,000 --> 00:03:34,580
If I choose Enter‑PSSession,

66
00:03:34,580 --> 00:03:39,260
this will connect to a PowerShell session on that remote computer.

67
00:03:39,260 --> 00:03:44,200
And basically, it means that my commands in my session are those ones.

68
00:03:44,200 --> 00:03:47,160
That's exactly how things would work if you are,

69
00:03:47,160 --> 00:03:50,220
again, connecting to some of the Microsoft services in the cloud,

70
00:03:50,220 --> 00:03:54,910
for example, like Exchange Online, you'll connect into a PowerShell session,

71
00:03:54,910 --> 00:03:57,940
and then you're able to execute commands.

72
00:03:57,940 --> 00:04:00,850
Now, if we use the New‑PSSession,

73
00:04:00,850 --> 00:04:06,170
we can create a brand‑new PowerShell session that we can of course re‑utilize,

74
00:04:06,170 --> 00:04:09,690
which means, again, we can utilize the persistent option.

75
00:04:09,690 --> 00:04:13,700
So persistent just means that we create a new PowerShell session,

76
00:04:13,700 --> 00:04:18,540
put it into a variable, and it becomes usable to us later.

77
00:04:18,540 --> 00:04:23,850
We can also connect to a PowerShell session on a specific computer by using

78
00:04:23,850 --> 00:04:27,210
different credentials, or even the port can be different.

79
00:04:27,210 --> 00:04:29,010
Now of course, this needs to be configured,

80
00:04:29,010 --> 00:04:32,730
but you can simply say, well, when I connect to this machine,

81
00:04:32,730 --> 00:04:36,340
I want to pass this credential versus this credential.

82
00:04:36,340 --> 00:04:38,810
Now remember the combination of things that we need here.

83
00:04:38,810 --> 00:04:39,240
So,

84
00:04:39,240 --> 00:04:43,970
if you're trying to connect to the Globomantics File Server but the

85
00:04:43,970 --> 00:04:47,140
workstation that you're on is not on the domain,

86
00:04:47,140 --> 00:04:49,500
then you're going to be passing in credentials that

87
00:04:49,500 --> 00:04:54,440
are not part of the workstation, but you'll also need to be a trusted host.

88
00:04:54,440 --> 00:04:57,950
Now of course, finally, we can also remove PowerShell sessions,

89
00:04:57,950 --> 00:05:02,270
so Remove‑PSSession will basically remove a session that exists,

90
00:05:02,270 --> 00:05:04,770
but, of course, we need to know what those are.

91
00:05:04,770 --> 00:05:08,530
So to retrieve any of the PowerShell sessions that might exist,

92
00:05:08,530 --> 00:05:10,430
we can choose Get‑PSSession.

93
00:05:10,430 --> 00:05:14,170
That will list them all out with a unique identifier,

94
00:05:14,170 --> 00:05:18,090
and then we can either enter them, remove them,

95
00:05:18,090 --> 00:05:23,340
or just retrieve details about the sessions.

96
00:05:23,340 --> 00:05:25,830
Okay, so let's talk about Globomantics sessions.

97
00:05:25,830 --> 00:05:29,700
So, we're back to our diagram here, so we have Active Directory Server,

98
00:05:29,700 --> 00:05:33,540
we have File Server, and then we have an admin workstation.

99
00:05:33,540 --> 00:05:38,200
We know that the ones on the left are all connected to the domain,

100
00:05:38,200 --> 00:05:39,120
and, of course,

101
00:05:39,120 --> 00:05:43,940
we can create Session 1 and Session 2 because they are different machines.

102
00:05:43,940 --> 00:05:45,620
So in the right‑hand side here,

103
00:05:45,620 --> 00:05:47,830
you'll see that I'm going to create some variables,

104
00:05:47,830 --> 00:05:52,930
so $s1 equals the IP address of Active Directory Server,

105
00:05:52,930 --> 00:05:57,940
and $s2 is the variable for the File Server IP address.

106
00:05:57,940 --> 00:05:59,650
Now to connect to them,

107
00:05:59,650 --> 00:06:04,650
I can simply say Enter‑PSSession and tell it that the session I wish to

108
00:06:04,650 --> 00:06:09,990
connect to is the IP address of the Active Directory Server and then have it

109
00:06:09,990 --> 00:06:14,140
go and execute that command, such as Get‑ComputerInfo.

110
00:06:14,140 --> 00:06:20,390
I could then in the same console do Enter‑PSSession and this time connect to

111
00:06:20,390 --> 00:06:24,740
the separate session and, obviously, run that same command.

112
00:06:24,740 --> 00:06:26,910
So you can see from a PowerShell perspective,

113
00:06:26,910 --> 00:06:31,300
we're able to kind of drop in and out as we need to and connect to not

114
00:06:31,300 --> 00:06:36,240
just one machine but multiple machines at the same time.

115
00:06:36,240 --> 00:06:40,920
Now from a PowerShell session management, we have some core capabilities.

116
00:06:40,920 --> 00:06:44,760
The first one is the ability to get an existing session or

117
00:06:44,760 --> 00:06:48,700
list of sessions, and once you have a session, then we can

118
00:06:48,700 --> 00:06:51,140
enter back into that session.

119
00:06:51,140 --> 00:06:55,140
We can also create new or remove sessions as needed,

120
00:06:55,140 --> 00:06:58,740
so New‑PSSession or Remove‑PSSession.

121
00:06:58,740 --> 00:07:02,940
We also have the ability to exit from a session if we need to.

122
00:07:02,940 --> 00:07:07,000
We can also then reconnect into a session, as well as

123
00:07:07,000 --> 00:07:10,940
importing and exporting in and out of a session, and then

124
00:07:10,940 --> 00:07:14,240
we can enter a session as well.

125
00:07:14,240 --> 00:07:18,250
Now, when we create the sessions, it's not just a every

126
00:07:18,250 --> 00:07:20,940
connection is the same. It can be different.

127
00:07:20,940 --> 00:07:26,030
So we have the ability of modifying the session properties that

128
00:07:26,030 --> 00:07:29,440
would be utilized for a specific session.

129
00:07:29,440 --> 00:07:34,530
This is done by utilizing what's called the New‑PSSessionOption command.

130
00:07:34,530 --> 00:07:39,940
This allows me to set specific properties such as compression,

131
00:07:39,940 --> 00:07:43,300
access properties, certificate settings,

132
00:07:43,300 --> 00:07:47,860
encryption capabilities, language, application arguments,

133
00:07:47,860 --> 00:07:49,770
as well as any of the timeouts.

134
00:07:49,770 --> 00:07:54,260
So we can define a new PowerShell session option,

135
00:07:54,260 --> 00:07:56,980
and when we initiate the session, let's say,

136
00:07:56,980 --> 00:08:02,240
from our admin workstation to the Active Directory Server in the domain,

137
00:08:02,240 --> 00:08:08,740
I can set various properties to ensure that it connects in a certain way.

138
00:08:08,740 --> 00:08:10,840
Now to create session options,

139
00:08:10,840 --> 00:08:16,440
we can set a default one by just using New‑PSSessionOption.

140
00:08:16,440 --> 00:08:19,770
What we can do instead is we can define specific

141
00:08:19,770 --> 00:08:21,480
session options for what we're using.

142
00:08:21,480 --> 00:08:25,840
So for example, here I'm creating a new PowerShell session option.

143
00:08:25,840 --> 00:08:30,480
I'm then setting the timeout for open connection, I'm turning off encryption,

144
00:08:30,480 --> 00:08:35,350
and I'm using the UICulture or the language to be, the current language culture

145
00:08:35,350 --> 00:08:40,020
that's used there. To utilize this in a connection, we can then choose

146
00:08:40,020 --> 00:08:43,280
New‑PSSession ‑ComputerName, as we did before,

147
00:08:43,280 --> 00:08:47,240
and then you'll notice a new property called ‑SessionOption that

148
00:08:47,240 --> 00:08:51,190
allows me to pass the options into that connection.

149
00:08:51,190 --> 00:08:53,530
Now what that means is that the connection will

150
00:08:53,530 --> 00:08:55,540
adhere to the various properties,

151
00:08:55,540 --> 00:09:04,000
but it also means that when we retrieve any of the sessions, so Get‑PSSession, you'll see some of those extra properties listed in there.