Connect to your Windows Server using PowerShell

You can manage your Windows Server using remote PowerShell.

PowerShell is an automation platform and scripting language for Windows and Windows Server that simplifies the management of your systems. Unlike other text‑based command interpreters (shells), PowerShell leverages the power of the .NET framework, giving you a wealth of built‑in functionality to take control of your Windows environments.

Activate remote PowerShell on your Windows Server

Remote PowerShell is already enabled on some Windows Server templates. However, we still need to activate it over HTTPS instead of HTTP since HTTP requires us to be on the same domain and is unencrypted. The procedure to activate remote PowerShell should work on all editions and templates.

Run the following commands in an administrator PowerShell window.

Start by activating the remote PowerShell.

Command

Enable-PSRemoting -Force

Create a self-signed certificate that will be used when connecting to the server.

Command

$SelfSignedCertificate = New-SelfSignedCertificate -DnsName $env:computername -CertStoreLocation Cert:\LocalMachine\My -FriendlyName "PowerShell Remoting" -NotAfter 2035-01-01

Remove all existing listeners. When Remote PowerShell is enabled, a listener is added for HTTP.

Command

Get-ChildItem WSMan:\localhost\Listener\ | Remove-Item -Recurse -Force

Create a new listener that uses HTTPS and our self-signed certificate.

Command

New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $SelfSignedCertificate.Thumbprint -force

Disable the firewall rule for Remote PowerShell.

Command

Disable-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)"

Create a new rule for Remote PowerShell that allows traffic on port 5986.

Command

New-NetFirewallRule -DisplayName "Remote PowerShell in (HTTPS-In)" -Name "Remote_PowerShell_in_(HTTPS-In)" -group "Remote PowerShell" -Profile Any -LocalPort 5986 -Protocol TCP

Your Windows Server now accepts remoting PowerShell connections over HTTPS on port 5986.

Connect to your server using PowerShell

Below is an example of a script to connect to the server.

Command

# IP to the Windows Server you want to connect to.
$IPAddress = "192.168.88.1"

# Prompt for your username and password.
Write-Host -ForegroundColor Cyan " [INFO] Please enter an administrative account for the server."
$AdminUserName = Read-Host -Prompt " Username"
$AdminPassword = Read-Host -Prompt " Password" -AsSecureString
$AdminCredentials = New-Object System.Management.Automation.PSCredential ($AdminUserName, $AdminPassword)

# Add the server's IP to the Trusted Hosts list so you can connect to it.
Write-Host -ForegroundColor Cyan " [INFO] Adding $IPAddress to TrustedHosts list."
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "$IPAddress" -Force -ErrorAction SilentlyContinue

# A session is opened. Since it's a self-signed certificate, no checks are performed against a CA.
Write-Host -ForegroundColor Cyan " [INFO] Creating session."
$SessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck
$Session = New-PSSession $IPAddress -UseSSL -SessionOption $SessionOption -Credential $AdminCredentials -ErrorAction Stop

# When the session is created, we use Enter-PSSession to enter the session.
Write-Host -ForegroundColor Cyan " [INFO] Entering Session."
Enter-PSSession -Session $Session

Save the file as MyServer.ps1 and run it in a PowerShell window or through PowerShell ISE.

Conclusion

This allows you to use the Glesys API to create a server and automatically configure a new IIS web server or an MS SQL database server.

You can also quickly and securely distribute files or new firewall rules to all machines in your cluster, reducing the risk of configuration errors. With this solution, it’s fast to spin up a new server if something goes wrong and cannot be salvaged.

PreviousBacking up and restoring MySQL NextTraceroute using My Traceroute (MTR)

Last updated 7 months ago

Was this helpful?