techdays follow-up: remote powershell, what’s encrypted?

Yesterday Scott Schnoll and I had the honor to deliver a one-day pre-conference fully dedicated to the wonderful world of Microsoft Exchange 2010.

A few questions came up during and after the sessions, and one of them came from Tom De Caluwé who was interested in seeing how secure Remote PowerShell is. During my talk on Managing Exchange, I gave a demo on how you can use PowerShell v2, and connect to your Exchange server by establishing a persistent connection to it using the cmdlet new-pssession, as shown in the figure below:

$a = New-PSSession –ConfigurationName –ConnectionUri http://<FQDN of your CAS Server/powershell/

Import-PSSession $a


It is save to connect using http, since you use Kerberos encryption. Tom was interested in knowing what was encrypted, if the entire session was encrypted, or just the initial setup.

To make sure, we sat down, and used a network monitoring tool to see what happens when connecting to Exchange from another domain-joined machine using Remote PowerShell.

After establishing the persistent connection to my Exchange 2010 Client Access server  named, we decided to create a mailbox-enabled user called Bumbalu, and this is what the sniffering gave us:


Looking at the output, it was clear that the session was HTTP-Kerberos-session encrypted 🙂

Just as a double-check, we removed our user Bumbalu and we created it again, with a different password (all the rest was the same).

And then Tom used a tool to compare both sniffer results and the differences between the two streams came down to:

  • different time

  • different content-length

  • different content all-together 🙂






Remote PowerShell rocks 🙂


Comments (3)

  1. Anonymous says:

    In part one of this series we looked at some of the basic aspects of the PowerShell environment. Let’s

  2. FCUSS says:

    probably been asked time and time again.. if remoting over "HTTP" is secure and encrypted in this fashion.. what benefits or reasons would there be to set up "HTTPS"?

  3. show box says:

    Thanks for the great info. I really loved this. I would like to apprentice at the same time as you amend your web site, how could i subscribe for a blog site?
    For more info on showbox please refer below sites:
    Latest version of Showbox App download for all android smart phones and tablets. – It’s just 2 MB file you can easily get it on your android device without much trouble. Showbox app was well designed application for android to watch movies and TV shows, Cartoons and many more such things on your smartphone.
    For showbox on iOS (iPhone/iPad), please read below articles:
    Showbox for PC articles:
    There are countless for PC clients as it is essentially easy to understand, simple to introduce, gives continuous administration, effectively reasonable. it is accessible at completely free of expense i.e., there will be no establishment charges and after establishment
    it doesn’t charge cash for watching films and recordings. Not simply watching, it likewise offers alternative to download recordings and motion pictures. The accompanying are the strides that are to be taken after to introduce Showbox application on Android. The above
    all else thing to be done is, go to the Security Settings on your Android telephone, Scroll down and tap on ‘Obscure sources’.
    Movie Box, an esteemed movies application in which you can find stacks of programs and films. The guide is given here to download Movie Box app to Android and to Apple iOS 9.0.2, iOS 8.4/8.3 and also for the lower versions without Jailbreak.
    Please do login to Showbox application with the help of Ymail. You can login in Ymail from here –
    Sign Up & Do registration for latest movies on Showbox application

Skip to main content