Administering Remote Computers

Admin operations on remote computers using PowerShell

Find Command and Help Command

#Find command 

Get-Command -Module ChangeMe

#help Command

Help changeMe

Prior to any engagements ensure Remote Signed Policy is on

Set-ExecutionPolicy RemoteSigned

Enable Remote Incomming Connections

Enable-PSremoting

List the commands that contain session configuration

help *sessionconfiguration*

<# use code below to view the session configs of the PC#>

Get-PSSessionConfiguration

To establish a one-to-one connection to a PC

Enter-PSSession -ComputerName "PC_NAME"

#Make the connection persistent
$sessionOption = New-PSSessionOption -IdleTimeout 86400  # Set an idle timeout of 24 hours (86400 seconds)
$PcConn  = New-PSSession –ComputerName 'PC_Here' -SessionOption $sessionOption

#To verify connectivity type the variable name and it will provide the connection session

$PcConn 

To exit a session

Exit-PSSession

To run a command on remote computers by means of remoting and executing the command Get-NetAdapter : Note (Change the -ScriptBlock [theCommand you want executed])

Invoke-Command -ComputerName $pcConn -ScriptBlock {Get-NetAdapter -Physical}

View memebers of Get Process

Get-Process | Get-Member

Display list of modules for LON-DC1 & Search for available module

Get-Module *StringHere* -ListAvailable

#Get Module with Session and a search pipe
    
Get-Module -ListAvailable -PSSession $(SessionName Variable from Persisten Connection)|Get-Module –ListAvailable –PSSession $dc |
Where { $_.Name –Like '*//ChangeMe*' } 

Import Module & Check for Shares

Import-Module -PSSession $pcConn -Name SMBShare -Prefix DC

GET-DCSMBShare

Create a report with Windows Firewall Rules

3Find the command that displays firewall rules

Get-Command -Module NetSecurity

#To Display a list of enabled firewall rules on Computers

Invoke-Command -Session $pcConn -ScriptBlock {Get-NetFirewallRule -Enabled True | Select Name, PSComputerName}

List Local Hard Drives

Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType=3"

Producce HTML Report for Previous Command

Invoke-Command -Session $pcConn -ScriptBlock {Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType=3" | ConvertTo-HTML -Property PSComputerName,DeviceID,FreeSpace,Size}

Remove Session

Get-PSSession | Remove-PSSession