How to Run PowerShell Script on Remote Computer?

You can use PowerShell Remoting (appeared in PowerShell 2.0) to run commands on one or several remote computers. PS Remoting is based on the Web Services for Management protocol (WS-Management). You can use the PS remoting interactive session mode, a temporary, or permanent connection to a remote computer. In this article, we will take a look at several examples of how to execute a PowerShell script remotely.

Configuring WinRM for PowerShell Remoting

To connect to a computer remotely via PowerShell, the WinRM (Windows Remote Management service) must be enabled and configured on the remote client device (it is disabled by default). Communication between computers is performed over HTTP or HTTPS protocols, and all network traffic between computers is encrypted. You can use NTLM and Kerberos to authenticate on a remote computer.

To check the status of the WinRM service, run the Get-service command:

get-service winrm

run powershell script on remote computer

As you can see, the WS-Management service is running.

If the WinRM service is not running, you must enable it on the remote computer with the command:

Enable-PSRemoting

This command prepares the computer for remote management: starts the WinRM service, changes startup type to Automatic, and adds necessary exceptions to Windows Defender Firewall.

Hint. PowerShell Remoting uses TCP ports HTTP (5985) and HTTPS (5986) for network communications. If Windows Defender Firewall with Advanced Security is enabled on the remote computer, you need to enable Windows Remote Management (HTTP-In) rules:

  • WINRM-HTTP-In-TCP

  • WINRM-HTTP-In-TCP-NoScope

You can enable Windows Defender rules from the graphical console or using PowerShell:

Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP" -RemoteAddress Any

Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP-NoScope" -RemoteAddress Any

powershell run script on remote computer

If the remote computer is in a workgroup (not joined to the Active Directory domain), and a Public network profile is applied to it (instead of Domain or Private), you need to explicitly allow incoming WinRM traffic in Windows Firewall:

Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC" -RemoteAddress Any

To test the connection to a remote server via WinRM use the following command:

Test-WSMan server1

run powershell script remotely

If you get a response, then the remote computer is accessible through PowerShell Remoting.

Hint. If you are connecting to a remote computer via PS Remoting by an IP address, you may receive an error:

Connecting to remote server 192.168.1.70 failed with the following error message: The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided.

In this case, you need to install an HTTPS certificate for PowerShell Remoting on the remote computer (the long way), or add this host to the trusted ones on your management computer:

Set-Item wsman:\localhost\Client\TrustedHosts -value 192.168.1.70

Then restart the WinRM service:

Restart-Service WinRM

Running Remote Commands with PowerShell Remoting

To interactively connect to a remote computer (with a hostname Server1) via PowerShell, run the following command:

Enter-PSSession Server1

The PowerShell CLI view will change. At the beginning of the line, there will be the name of the remote computer to which you are connected via WinRM. After the remote session is established, all commands that are being entered in the PowerShell console are executed on the remote computer. PS Remoting works as follows: the commands entered on the local computer are transmitted to the remote computer and executed there, then the result is transmitted back. Since all commands are executed locally, there is no need to worry about compatibility with the PoSh version and modules.

To end the remote interactive session run the command:

Exit-PSSession

execute powershell script on remote computer

Only the simple management tasks are typically performed on remote computers in the interactive mode. To run a complex command or run the PowerShell script remotely, use the Invoke-Command cmdlet.

Using Invoke-Command to Run PowerShell Scripts Remotely

The following command will create a remote connection with the computer Server1 and run the block of commands specified in the ScriptBlock parameter. After that, the remote session will automatically close.

Invoke-Command -ScriptBlock {Restart-Service spooler} -ComputerName server1

If you need to execute multiple sequential PowerShell commands on a remote machine, separate commands in the ScriptBlock using semicolons:

Invoke-Command -ScriptBlock {Restart-Service spooler;Get-Date; wmic qfe list} -ComputerName server1

You can run the task in the background by running Invoke-Command with the -AsJob parameter. But in this case, the command will not return the result to the PoSh console. To get the detailed background job information, use the Receive-Job cmdlet.

how to run powershell script on remote computer

PowerShell allows you to run local PS1 scripts on remote computers. The idea is that you store all PowerShell instructions in a local .PS1 file on your computer. With PowerShell Remoting, you can transfer a PS1 file to a remote computer and execute it there.

To do this, use the -FilePath parameter in the Invoke-Command cmdlet instead of -ScriptBlock. For example, to run the c:\ps\tune.ps1 script on three remote servers, you can use the following command:

Invoke-Command -FilePath c:\ps\tune.ps1 -ComputerName server1,server2,server3

run powershell on remote computer

The PowerShell script file can be placed on a local drive or a shared network folder. In this case, to run the PS1 script file you need to specify the full UNC path:

Invoke-Command -FilePath "\\dc03\Share\pstune.ps1" -ComputerName PCS12dd2

execute powershell script remotely

The main advantage of this way of running PowerShell scripts is that you don’t need to copy the PS1 script file to remote computers. You can use not only the local script but also the PS script in a shared network folder that can be accessed from the local computer.

If PowerShell scripts are not allowed to run on the remote computer, an error will appear:

Invoke-Command : File c:\Share\pstune.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies

powershell execute script on remote computer

You can change the PowerShell Execution Policy settings on a remote computer according to this guide or sign your PowerShell script file with a certificate.

If you need to run PowerShell scripts with credentials other than the current user, you need to use the Credential parameter.

First, you need to get the credential and save them to a variable:

$cred = Get-Credential

run a powershell script on a remote computer

Now you can run the PS script on remote computers under the saved credential permissions:

Invoke-Command -FilePath c:\ps\tune.ps1 -ComputerName server1,server2,server3 -Credential $cred

You can save the list of computers in a text file and run PowerShell script remotely on all computers at once:

Invoke-command -ComputerName (get-content c:\ps\servers.txt) -filepath c:\ps\tune.ps1

By default, the Invoke-Command cmdlet sends the PS1 script to 32 remote computers from the list at the same time. If there are more than 32 computers, then PoSh checks the execution status of the script on the first 32 computers. If the script is completed, the command is executed on the next computer. With the ThrottleLimit parameter, you can increase this limit, but be careful not to overload your network.

When you run the Invoke-Command cmdlet on multiple computers, you can pre-check if the remote computer is accessible via WinRM. If the computer is available, you can run PowerShell code on it using Invoke-Command:

$RemoteComputers= get-content c:\ps\servers.txt

ForEach $RemoteComputer in $RemoteComputers)

{

If (Test-WSMan -ComputerName $RemoteComputer)

{

Invoke-Command -ComputerName $RemoteComputer -FilePath c:\ps\tune.ps1

}

If you want to pass local session variables to a remote PowerShell session use the $Using modifier:

$name=”script1.ps1”
Invoke-Command -ComputerName dc03 -Scriptblock{ write-host $using:Name}

You can use the ConnectionUri parameter in Invoke-Command to run the command against backend applications like Exchange or Azure/AWS cloud services. For example:

$Creds = Get-Credential

$params = @{

ConfigurationName = 'Microsoft.Exchange'

ConnectionUri = 'https://lonexch1.theitbros.com/PowerShell'

Credential = $Creds

Authentication = 'Basic'

ScriptBlock = {Set-Mailbox BJackson -DisplayName "Brian Jackson"}

}

Invoke-Command @params

Using Persistent PowerShell Connections (Sessions)

Each time you run Invoke-Command, a new session is created with the remote computer. This takes time and system resources. In PowerShell, you can create one session and execute all commands and scripts in it.

Using the New-PSSession cmdlet, you can create persistent PowerShell sessions with remote computers.

For example, let’s create sessions with three computers and save them in the $PSSess variable:

Invoke-Command -FilePath c:\ps\tune.ps1 -ComputerName server1,server2,server3

$PSSess = New-PSSession -ComputerName server1, server2, server3

After establishing a session, you can use it to run commands and scripts. Because sessions are persistent, you can get data from them and use it in other commands and scripts.

For example, the following command will get a list of processes on remote servers and store them in the $RemoteProcesses variable:

Invoke-Command -Session $PSSess {$RemoteProcesses = Get-Process}

Now you can use this variable in other commands in the same sessions. In the following example, we use the Where-Object cmdlet to find processes that use more than 500MB of RAM):

Invoke-Command -Session $PSSess {$RemoteProcesses | where-object {$_.WorkingSet -GT 500000*1024}|select processname,@{l="Working Memory (MB)"; e={$_.workingset / 1mb}} |sort "Working Memory (MB)" -Descending}

run powershell script on remote computer with parameters

The persistent remote PowerShell session will remain active until you close the PowerShell console, or forcefully close or delete the session using the Disconnect-PSSession or Remove-PSSession cmdlets, respectively.

As you can see, PowerShell provides ample opportunities for running scripts and commands on remote computers. Windows administrators surely can use PowerShell Remoting in addition to the classic PsExec tool from Sysinternals.

I enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.
Cyril Kardashevsky

3 comments

  1. Hi,
    My requirement is to delete few folders from Windows Server1 by executing script from Windows Server2.
    I tried running the Enter-PSSession Server1 and Invoke-Command but I get a permission denied error as shown below:
    You do not have sufficient access rights to perform this operation.
    + CategoryInfo : PermissionDenied [Remove-Item], IOException
    Can you please help?

    Thanks,
    Varun

  2. In this command

    Invoke-Command -FilePath c:pstune.ps1 -ComputerName server1,server2,server3

    Can you use a UNC path for the ps1 file?

    i.e. Invoke-Command -FilePath \\server0\share0\folder0\pstune.ps1 -ComputerName server1,server2,server3

    Thanks!

  3. Hi,
    I want to run(executes) Windows PS scripts on remote computers(servers) via Invoke commands, I am using the same commands you have mentioned here, but the script file in remote server not executed.
    Can you tell me how I can execute/run files parallel in remote computers

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.