SharePoint – remoting PS

(not available for Win2003) you can configure for double-hop auth – do not know yet if we will need this.

  WinRM QuickConfig
  Enable-WSManCredSSP -Role Client -DelegateComputer TARGETMACHINE.DOMAIN.COM
  Enable-WSManCredSSP -Role Client -DelegateComputer *
  WinRM QuickConfig
  Enable-WSManCredSSP -Role Server

NOTE: the target SP server will need its PS shell space enlarged via the command
 Set-Item -Path WSMan:\localhost\Shell\MaxMemoryPerShellMB -Value 1024
target server will/may need “WINRM QuickConfig”  to enable remoting from SOURCE box

 if "execution of scripts is disabled on this system" then
"Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force" will be needed to be set to allow us to run.
Need to find out more on this in regard to "signed" scripts and how to do this "properly".
Will need to check if this has to be done on both source and target or just source box.

#SP12 is a Win2k3 with SP2007
#SP14 is a Win2k8 with SP2010



If ($SP12) {
  $TargetMachine = "MYMOSSBOX"
  $Password         = "Password1"
  $UserNameStr   = "THEDOMAIN\Administrator"
else {
  $TargetMachine = "MYSP14BOX"
  $Password         = P@ssword!
  $UserNameStr   = "OTHERDOMAIN\Administrator"

$PasswordStr = ConvertTo-SecureString $Password -asPlainText -Force
$Credentials = new-object System.Management.Automation.PSCredential $UserNameStr, $PasswordStr

If ($SP12) {
  $session = New-PSSession -Credential $Credentials -computer $TargetMachine
  Invoke-Command -Session $session -ScriptBlock{ Set-Item -Path WSMan:\localhost\Shell\MaxMemoryPerShellMB -Value 1024 }
  Invoke-Command -Session $session -ScriptBlock{ [void] [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
  Enter-PSsession -Session $session
else {
 $session = New-PSSession -Authentication CredSSP -Credential $Credentials -computer $TargetMachine
 Invoke-Command -Session $session -ScriptBlock{ Set-Item -Path WSMan:\localhost\Shell\MaxMemoryPerShellMB -Value 1024 }
 Invoke-Command -Session $session -ScriptBlock{ Add-PSSnapin Microsoft.SharePoint.Powershell }
 Import-PSsession $session -Module Microsoft.SharePoint.Powershell -FormatTypeName Microsoft.SharePoint.*

If ($SP12) {
   $SPfarm = [Microsoft.SharePoint.Administration.SPFarm]::get_Local()
Else {
   $SPfarm = Get-SPfarm

$ver = $SPfarm.BuildVersion
Write-Output "_____________________________________________"
Write-Output "Farm Version: $ver"
Write-Output " "
Write-Output " "

 if ($SP12) {

remove-pssession -session (get-pssession)


This worked against my two test VHD’s

First trouble-shooting step - turn off firewalls between client and server for 60 seconds and try opening your session, to test if that is it.
If you still get an "access denied", it is usually telling the truth (check the password!)  but for "timeout" errors, ensure GPEDIT had allowed CredSSP  on each side, via:
  Start->Run-> gpedit.msc
      Computer Configuration
          Administrative Template
            Windows Components
               Windows Remote Management (WinRM)
                  WinRM Service
                       Allow automatic configuration of listeners  (ENABLE THIS!)
                              in the options put "*" for the filters!      (ENABLE THIS!)
                       Allow CredSSP authentication                    (ENABLE THIS!)

and perhaps on the Client, rule out any policy by setting
  Computer Configuration
    Administrative Templates
         Credentials Delegation
            Allow Delegating Fresh Credentials


Comments (2)
  1. Anonymous says:

    nice!  thanks

  2. This is really great!

    I wish there were some method to handle this for previous version of sharepoint, but since wss 3 is dropping off in October ( i think i read that right ) i guess it really doesn't matter.

Comments are closed.

Skip to main content