Sunday, July 10, 2022

PowerShell 005 - PowerShell Remoting

PowerShell Remoting
PowerShell can connect to other devices on the network and run cmdlets on them as if you were executing them on your own device. This requires the Windows Remote Management (WinRM) service to be running on the target. If you have admin privileges on a device on your network, WinRM can be started remotely with the following cmdlet:


        Get-Service -name winrm -ComputerName [Hostname] | Set-Service -Status running

With this line we start by getting the service, selected by name, on the target [Hostname], and then pipe (|) the retrieved service (WinRM) into the cmdlet that sets its status to "running", in other words turns the service on. Once WinRM is running, we can use the cmdlet:


        Enter-PSSession [Hostname]

If this cmdlet succeeds, any further cmdlets you run will execute on the target device, using the resources available to that system. You can end this remote PowerShell session with the cmdlet:


        Exit

After you run this, your cmdlets will once again run on your own device as normal.


Additional Commands
PowerShell Remoting is a powerful tool and can be used to do many things without interrupting the end user. Some examples of what you can do once connected to a device are:


        Whoami /all

Lists the current user, their Security Identifier (SID), privileges and group memberships.


        Systeminfo

Displays information about the computer and its operating system.


        Get-WmiObject -Class Win32_Product | select name

Lists all applications installed on the device.


        Start-Process [Filepath]

        Stop-Process -Name [Processname OR a partial process name with * on each side]

Remotely install software, or start or end a program. (The cmdlet that ends a process is Stop-Process; there is no End-Process cmdlet.) Many programs can be installed silently, without disturbing the end user, but each piece of software has its own syntax for this.
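The same connect-and-inspect workflow from the remoting section and the inventory commands above can be run non-interactively over a session object instead of Enter-PSSession. The following is an added example, not code from the original post; the hostnames are placeholders, and it assumes WinRM is already running on the targets and that you hold admin rights there.

```powershell
# Added example (not from the original post): gather the post's inventory
# details from one or more hosts over PowerShell Remoting, without an
# interactive Enter-PSSession. Hostnames are placeholders.
function Get-RemoteInventory {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [System.Management.Automation.PSCredential]$Credential
    )
    foreach ($target in $ComputerName) {
        # Confirm the WinRM listener answers before attempting a session
        try { Test-WSMan -ComputerName $target -ErrorAction Stop | Out-Null }
        catch { Write-Warning "$target : WinRM not reachable ($($_.Exception.Message))"; continue }

        $sessionParams = @{ ComputerName = $target; ErrorAction = 'Stop' }
        if ($Credential) { $sessionParams.Credential = $Credential }
        $session = $null
        try {
            $session = New-PSSession @sessionParams
            # Everything inside the script block executes on the remote host
            Invoke-Command -Session $session -ScriptBlock {
                $os = Get-CimInstance -ClassName Win32_OperatingSystem
                [pscustomobject]@{
                    ComputerName = $env:COMPUTERNAME
                    RunningAs    = (whoami)
                    OS           = $os.Caption
                    LastBoot     = $os.LastBootUpTime
                    WinRMStatus  = (Get-Service -Name winrm).Status
                    # Same Win32_Product query as the post, joined into one field
                    Installed    = (Get-CimInstance -ClassName Win32_Product |
                                    Select-Object -ExpandProperty Name) -join '; '
                }
            }
        }
        catch { Write-Warning "$target : $($_.Exception.Message)" }
        finally {
            # Always tear the session down so no idle remote session is left open
            if ($session) { Remove-PSSession -Session $session }
        }
    }
}

# Usage with placeholder hostnames:
# Get-RemoteInventory -ComputerName 'HOST01','HOST02' -Credential (Get-Credential) |
#     Format-Table ComputerName, RunningAs, OS, LastBoot, WinRMStatus -AutoSize
```

Enumerating Win32_Product is slow on hosts with many installed applications, so expect each target to take a while; every remote session is closed in the finally block whether or not the commands succeeded.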


Resource: Silent Install HQ - Database on silent install syntax for many applications.