PS Remoting Considerations

  • Article

I'm winding my way through the glorious English countryside on an early morning train. The weather outside the window is glorious, my new short-sleeved shirt (in tribute to the weather) is glorious and my train-issued coffee is... well, brown. Coffee aside, given that gloriousness abounds today, what better topic to write about than PS Remoting?

PS Remoting, introduced with v2, elevated PowerShell to a true enterprise-class remote management engine. In fact, in Windows Server 2012 it is the 'remoting' technology of choice... naturally!

Prior to 2012 you would have to install specific software packages and / or make certain configuration changes to enable PS Remoting. And, that's what this article is about: the software packages and configuration changes necessary, on all supported versions of Windows, to enable PS Remoting*.

Let's look at this one operating system at a time, starting with Windows Sever 2003...

 

Windows Server 2003 SP2

PS Remoting needs to be installed and enabled.

 
Maximum Software Versions

    • .NET 3.5 - latest applicable version
    • WMF Core - latest applicable version (WSManStack 2.0 / PowerShell 2.0)

 
 

Windows Server 2008 SP2

 PS Remoting needs to be installed and enabled.

 Minimum Software Versions

    • .NET 4.0 minimum for WMF 3
    • .NET 3.5 for WMF Core

 Maximum Software Versions

    • .NET 4.5.2 - latest applicable version
    • WMF 3 - latest applicable version (WSManStack 3.0 / PowerShell 3.0)

NB - Before installing Windows Management Framework 3.0 on Windows Server 2008, you must download and install the version of Windows Management Framework which includes Windows PowerShell 2.0, WinRM 2.0, and BITS 4.0 as a prerequisite. This version of Windows Management Framework is available at https://support.microsoft.com/kb/968929.
 

Windows Server 2008 R2 SP1

PS Remoting capable but not enabled by default.

 Default Software Versions

    • .NET 3.5 installed by default
    • WMF Core installed by default (WSManStack 2.0 / PowerShell 2.0)

 Latest Software Versions

    • .NET 4.5.2 - latest applicable version
    • WMF 4** - latest applicable version (WSManStack 3.0 / PowerShell 4.0)

 

 

Windows Server 2012

PS Remoting enabled by default.

Default Software Versions

    • .NET 4 installed by default
    • WMF 3 installed by default (WSManStack 3.0 / PowerShell 3.0)

Latest Software Versions

    • .NET 4.5.2 - latest applicable version
    • WMF 4 - latest applicable version (WSManStack 3.0 / PowerShell 4.0)

 

Windows Server 2012 R2

PS Remoting enabled by default.

Default Software Versions

    • .NET 4.5 installed by default
    • WMF 4 installed by default (WSManStack 3.0 / PowerShell 4.0)

Latest Software Versions

  • .NET 4.5.2 - latest applicable version

 

 

Now, where to get all of this wonderful software?

Download Locations

  .NET Framework

Microsoft .NET Framework 3.5
https://www.microsoft.com/en-us/download/details.aspx?id=21

Microsoft .NET Framework 4
https://www.microsoft.com/en-us/download/details.aspx?id=17718

Microsoft .NET Framework 4.5.2
https://www.microsoft.com/en-us/download/details.aspx?id=42642

Windows Management Framework

WMF Core
https://support.microsoft.com/kb/968929

WMF 3.0
https://www.microsoft.com/en-gb/download/details.aspx?id=34595

WMF 4.0
https://www.microsoft.com/en-us/download/details.aspx?id=40855

 

 

Finally, when PS Remoting isn't enabled by default, what do you need to do to switch it on? On a per server basis, you can just run the Enable-PSRemoting cmdlet. However, in an enterprise environment you would configure the following Group Policy options...

Group Policy Settings

Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WINRM)\WinRM Service

    • Edit “Allow automatic configuration of listeners”
    • Click Enable, Enter * against both the the Ipv4 and Ipv6 filter

Computer Configuration\Windows Settings\Security Settings\System Services\Windows Remote Management

    • Click Automatic

Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile

    • Edit Define inbound port exceptions
    • Click Enabled
    • Click Show
    • Define the port exception as 5985:TCP:*:Enabled:AllowWinRM

 

Simply glorious!

 

 *The information is valid as of 4th July 2014.

 

**NB - systems that are running the following server applications should not run Windows Management Framework 4 at this time:

  • System Center 2012 Configuration Manager (not including SP1)
  • System Center Virtual Machine Manager 2008 R2 (including SP1)
  • Microsoft Exchange Server 2007
  • Windows Small Business Server 2011 Standard

Furthermore, servers that are running the following applications can now run WMF 4. The versions listed are the minimum releases required to run WMF 4:

  • Microsoft Exchange Server 2013 Service Pack 1
  • Microsoft Exchange Server 2010 SP3 with Update Rollup 5
  • Microsoft SharePoint Server 2013 Service Pack 1
  • Microsoft SharePoint Server 2010 with the February 2014 Cumulative Update