How does PowerShell Remoting work?

PowerShellMicrosoft TechnologiesSoftware & Coding

There are several ways to connect to remote computer cmdlets. These computers can be in the same domain, different domains, or for the workgroups using PowerShell. Here, we will mainly focus on the inbuilt parameter, Invoke-Command, and to execute PSSession command remotely.

Inbuilt -ComputerName parameter.

Many cmdlets in PowerShell supports the -ComputerName parameter, which describes the remote computer names. For example, Get-Service, Get-Process, and Get-WMIObject, etc.. cmdlets.


If the remote server is in the same domain then you just need to simply add -ComputerName credentials.

Get-Service Spooler -ComputerName Test1-Win2k12


PS C:\Users\Administrator> Get-Service Spooler -ComputerName Test1-Win2k12
Status            Name          DisplayName
------           ----           -----------
Running          Spooler        Print Spooler

Or to get the Computer BIOS information using WMI,

Get-WmiObject win32_bios -ComputerName Test1-win2k12


PS C:\Users\Administrator> Get-WmiObject win32_bios -ComputerName Test1-win2k12
SMBIOSBIOSVersion     :       6.00
Manufacturer          : Phoenix Technologies LTD
Name                  : PhoenixBIOS 4.0 Release 6.0
SerialNumber          : VMware-56 4d 0d 7f 8a 7e f6 fa-f2 55 1d b6 a3 52 80 9f
Version               : INTEL - 6040000

But if your remote server is in a different domain then you may get the following authentication error message.

PS C:\> Get-Service -ComputerName Test1-Win2k12
Get-Service : Cannot open Service Control Manager on computer 'Test1-
Win2k12'. This operation might require other privileges.
At line:1 char:1
   + Get-Service -ComputerName Test1-Win2k12
   + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   + CategoryInfo       : NotSpecified: (:) [Get-
Service], InvalidOperationException
   + FullyQualifiedErrorId    : System.InvalidOperationException,Microsoft.PowerShe

To get rid out of the domain and standalone server authentication issue, many cmdlets support -Credential parameter which is the credentials for the destination server. For example, Copy-Item cmdlet, which has the -Credential parameter, in such case, you can directly pass the remote server credentials and the command works.

Copy-Item 'C:\Temp\Encoding Time.csv' -Destination \\Test1-Win2k12\C$\Temp -
Credential $creds

But many commands like Get-Service, Get-Process, etc. don’t support the -Credential parameter, in that case, you need to use the other two methods described below.

Using Invoke-Command method.

Invoke-Command is one of the most convenient methods to process commands on the remote computer. You need to provide a computer name and script block to run your commands remotely.


Invoke-Command -ComputerName Test1-Win2k12 -ScriptBlock{Get-Service Spooler}
PS C:\Users\Administrator> Invoke-Command -ComputerName Test1-Win2k12 -
ScriptBlock{Get-Service Spooler}
Status       Name         DisplayName       PSComputerName
------       ----         -----------       --------------
Running      Spooler      Print Spooler     Test1-Win2k12

In the above example, we assume that Test1-Win2k12 is in the same domain so no more additional credentials required to connect to the remote server. If the server is in the different domain or workgroup, -Credential parameter supported by Invoke-Command should be used. For example,

$creds = Get-Credential
Invoke-Command -ComputerName Test2-Win2k12 -ScriptBlock{Get-Service Spooler} -
Credential $creds


Status       Name       DisplayName       PSComputerName
------       ----       -----------       --------------
Running      Spooler    Print Spooler     Test2-Win2k12

Using the PSSession method.

With the PSSession method, you can either enter into PSSession and run the command or you can store the session into a session variable and when running command pass this session variable so that the command can run remotely.

Enter-PSSession cmdlet.

When you use the Enter-PSSession cmdlet you can directly connect to domain join computers or provide the credentials using -Credential parameter in the cmdlet for the different domain or Workgroup computers.

For the domain-joined computers.

Enter-PSSession Test1-Win2k12

Once you run the command followed by the computer name, you will notice the Computer name in front of the path, which indicates you are now into the remote shell and then you can run the command.


PS C:\Users\Administrator> Enter-PSSession Test1-Win2k12
[Test1-Win2k12]: PS C:\Users\Administrator.LABDOMAIN\Documents>
[Test1-Win2k12]: PS C:\Users\Administrator.LABDOMAIN\Documents> Get-Service
Status       Name         DisplayName
------       ----         -----------
Running      Spooler      Print Spooler

If your computer is in the different workgroup then pass the Credentials in the cmdlet. For example,

Enter-PSSession Test2-Win2k12 -Credential (Get-Credential)


[Test2-Win2k12]: PS C:\Users\Administrator\Documents> Hostname

You can end the existing session using the Exit-PSSession command.

Using the Session Variable.

You can also use the session variable to connect to the server remotely. To do that, you need to use the New-PSSession cmdlet and followed by the remote computer name and have to store that session in the new variable and later this variable can be used by the supported cmdlet like Invoke-Command or Enter-PSSession.

For example,

$sess = New-PSSession Test1-Win2k12

When you check the value of $sess variable,

You can use this variable to retrieve the outputs from cmdlets on Test1-Win2k12 machine.

Invoke-Command -Session $sess -ScriptBlock{Get-Service Spooler}
PS C:\Users\Administrator> Invoke-Command -Session $sess -ScriptBlock{Get-
Service Spooler}
Status       Name        DisplayName       PSComputerName
------       ----        -----------       --------------
Running      Spooler     Print Spooler     Test1-Win2k12
Published on 25-Jul-2020 14:51:34