SharePoint - remoting PS
(not available for Win2003) you can configure for double-hop auth – do not know yet if we will need this.
client:
WinRM QuickConfig
Enable-WSManCredSSP -Role Client -DelegateComputer TARGETMACHINE.DOMAIN.COM
or
Enable-WSManCredSSP -Role Client -DelegateComputer *
server:
WinRM QuickConfig
Enable-WSManCredSSP -Role Server
===================
NOTE: the target SP server will need its PS shell space enlarged via the command
Set-Item -Path WSMan:\localhost\Shell\MaxMemoryPerShellMB -Value 1024
===================
target server will/may need “WINRM QuickConfig” to enable remoting from SOURCE box
===================
if "execution of scripts is disabled on this system" then
"Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force" will be needed to be set to allow us to run.
Need to find out more on this in regard to "signed" scripts and how to do this "properly".
Will need to check if this has to be done on both source and target or just source box.
------------------------------------------------------------------------------------
#SP12 is a Win2k3 with SP2007
#SP14 is a Win2k8 with SP2010
$SP12=$false
If ($SP12) {
$TargetMachine = "MYMOSSBOX"
$Password = "Password1"
$UserNameStr = "THEDOMAIN\Administrator"
}
else {
$TargetMachine = "MYSP14BOX"
$Password = <P@ssword!>
$UserNameStr = "OTHERDOMAIN\Administrator"
}
$PasswordStr = ConvertTo-SecureString $Password -asPlainText -Force
$Credentials = new-object System.Management.Automation.PSCredential $UserNameStr, $PasswordStr
If ($SP12) {
$session = New-PSSession -Credential $Credentials -computer $TargetMachine
Invoke-Command -Session $session -ScriptBlock{ Set-Item -Path WSMan:\localhost\Shell\MaxMemoryPerShellMB -Value 1024 }
Invoke-Command -Session $session -ScriptBlock{ [void] [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
Enter-PSsession -Session $session
}
else {
$session = New-PSSession -Authentication CredSSP -Credential $Credentials -computer $TargetMachine
Invoke-Command -Session $session -ScriptBlock{ Set-Item -Path WSMan:\localhost\Shell\MaxMemoryPerShellMB -Value 1024 }
Invoke-Command -Session $session -ScriptBlock{ Add-PSSnapin Microsoft.SharePoint.Powershell }
Import-PSsession $session -Module Microsoft.SharePoint.Powershell -FormatTypeName Microsoft.SharePoint.*
}
If ($SP12) {
$SPfarm = [Microsoft.SharePoint.Administration.SPFarm]::get_Local()
}
Else {
$SPfarm = Get-SPfarm
}
$ver = $SPfarm.BuildVersion
Write-Output "_____________________________________________"
Write-Output "Farm Version: $ver"
Write-Output " "
Write-Output " "
if ($SP12) {
Exit-PSsession
}
remove-pssession -session (get-pssession)
-----------------------------------------------------------
This worked against my two test VHD’s
#####
First trouble-shooting step - turn off firewalls between client and server for 60 seconds and try opening your session, to test if that is it.
If you still get an "access denied", it is usually telling the truth (check the password!) but for "timeout" errors, ensure GPEDIT had allowed CredSSP on each side, via:
Start->Run-> gpedit.msc
Computer Configuration
Administrative Template
Windows Components
Windows Remote Management (WinRM)
WinRM Service
Allow automatic configuration of listeners (ENABLE THIS!)
in the options put "*" for the filters! (ENABLE THIS!)
Allow CredSSP authentication (ENABLE THIS!)
and perhaps on the Client, rule out any policy by setting
Computer Configuration
Administrative Templates
System
Credentials Delegation
Allow Delegating Fresh Credentials
#####
Luke
Comments
Anonymous
January 01, 2003
nice! thanksAnonymous
January 01, 2003
This is really great! I wish there were some method to handle this for previous version of sharepoint, but since wss 3 is dropping off in October ( i think i read that right ) i guess it really doesn't matter.