PSRemoting
PSRemoting allows you to run commands on remote computers just as if you were sitting in front of them. You could see it as the Windows SSH service.
Enabling PSRemoting
Log in to WS01 as the Administrator user with password Welcome01!. Start PowerShell as administrator and run the following command:
The Enable-PSRemoting cmdlet performs the following operations:
Runs the Set-WSManQuickConfig cmdlet, which performs the following tasks:
Starts the WinRM service.
Sets the startup type on the WinRM service to Automatic.
Creates a listener to accept requests on any IP address.
Enables a firewall exception for WS-Management communications.
Creates the simple and long name session endpoint configurations if needed.
Enables all session configurations.
Changes the security descriptor of all session configurations to allow remote access.
Restarts the WinRM service to make the preceding changes effective.
Source: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting?view=powershell-7.2
Members of the local Administrators or Remote Management Users groups can connect to the machine.
Giving a normal user access to the service
Local admin access is not required. A normal user can connect if the account is a member of the Remote Management Users group.
Add John to the Remote Management Users group on WS01 by executing the following command:
Testing
1. Log in to DC01 as the Administrator user with password Welcome01!
2. Start PowerShell and run the following command to connect to WS01 as Administrator:
3. Create a PSCredential for the user John with the password Welcome2022! using the Get-Credential command.
4. Run the following command to connect to WS01 as John:
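The lab procedure above as one script, with a check for each change Enable-PSRemoting makes. This is an added example, not code from the original page. It assumes the account name John resolves as written (prefix it with the domain name for a domain account) and that the built-in WinRM firewall rules are named WINRM-HTTP-In-TCP*.

```powershell
# Added example (not from the original page).
# --- Part 1: on WS01, in an elevated PowerShell session ---
$Member = 'John'   # assumption: use 'DOMAIN\John' if John is a domain account
$Group  = 'Remote Management Users'

# On a client OS with a Public network profile, Enable-PSRemoting stops with an
# error unless the profile is changed or -SkipNetworkProfileCheck is given.
Enable-PSRemoting -Force

# Add the user only if not already a member, so the script can be re-run.
$present = Get-LocalGroupMember -Group $Group |
    Where-Object { $_.Name -like "*$Member" }
if (-not $present) { Add-LocalGroupMember -Group $Group -Member $Member }

# Verify each change Enable-PSRemoting is documented to make.
Get-Service -Name WinRM | Select-Object Name, Status, StartType
Get-ChildItem -Path WSMan:\localhost\Listener                # listener(s) created
Get-NetFirewallRule -Name 'WINRM-HTTP-In-TCP*' |
    Select-Object Name, Enabled, Profile                     # firewall exception
Get-PSSessionConfiguration | Select-Object Name, Permission  # who may use each endpoint
Get-LocalGroupMember -Group $Group                           # non-admin accounts allowed in

# --- Part 2: on DC01 ---
Test-WSMan -ComputerName WS01                                # is WinRM reachable?

# As the logged-on Administrator (current credentials):
Invoke-Command -ComputerName WS01 -ScriptBlock { whoami; hostname }

# As John: Get-Credential prompts for the password instead of storing it in the script.
$cred = Get-Credential -UserName 'John' -Message 'Password for John'
Invoke-Command -ComputerName WS01 -Credential $cred -ScriptBlock { whoami; hostname }

# Interactive shell instead of a single command:
# Enter-PSSession -ComputerName WS01 -Credential $cred
```

The Permission column of Get-PSSessionConfiguration and the group listing are the two places to review when deciding which accounts can reach the endpoint.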
Read more about PSRemoting and lateral movement:
PSRemoting