LogoفارسیFA

PowerShell Remoting: Complete Guide to Remote Management

PowerShell Remoting, introduced in v2 and enhanced in v3, is a core technology for remote administration in Windows environments. It enables secure execution of commands on remote machines using the WS-MAN protocol via WinRM. Unlike legacy -ComputerName parameters that relied on DCOM/RPC, true Remoting works with any cmdlet, serializing objects into XML for transmission and deserializing them on receipt. Understanding concepts such as endpoints, listeners, authentication, sessions, and implicit remoting is essential for leveraging this technology effectively.

PowerShell RemotingWinRM nad WS-MANPSSessionsEndpoints و ListenersCredSSP و Second-Hop ProblemImplicit Remoting

~2 min read • Updated Dec 21, 2025

1. Key Concepts


  • WS-MAN: HTTP-based protocol (ports 5985 and 5986).
  • WinRM: Service handling authentication and communication.
  • Endpoints: Configurations such as Microsoft.PowerShell and Microsoft.PowerShell32.
  • Listeners: Accept traffic on specific ports/IPs.
  • Authentication: Kerberos by default; supports CredSSP, Basic, etc.
  • Security: Single port, Kerberos-based, configurable quotas.

2. Enabling Remoting


Run Enable-PSRemoting -Force as Administrator:


  • Starts/restarts WinRM service.
  • Creates HTTP listener (port 5985).
  • Adds firewall exceptions.
  • Configures default endpoints.

3. Basic Usage


  • 1-to-1 Interactive: Enter-PSSession -ComputerName Server01.
  • 1-to-Many: Invoke-Command -ComputerName Server01,Server02 -ScriptBlock { Get-Process }.
  • Options include -Credential, -Port, -UseSSL, -FilePath.

Note: Deserialized results are read-only and lose methods.


4. PSSessions (Persistent Connections)


  • New-PSSession to create a session.
  • Invoke-Command -Session to run commands.
  • Enter-PSSession -Session for interactive use.
  • Remove-PSSession to close.

v3 adds Disconnect, Connect, and Receive-PSSession features.


5. Advanced: Custom Endpoints & Delegation


  • Create restricted endpoints with New-PSSessionConfigurationFile.
  • Register with Register-PSSessionConfiguration.
  • Delegation allows running under alternate credentials.

6. Second-Hop Problem & CredSSP


By default, credentials cannot be delegated beyond the first hop. Solutions include specifying -Credential per hop or enabling CredSSP.


7. WinRM Listeners


Default: HTTP on all IPs. Custom HTTPS listener example:


New-WSManInstance winrm/config/Listener -SelectorSet @{Transport='HTTPS'; Address='*'}

8. Implicit Remoting


  • Import-PSSession to import remote modules locally.
  • Export-PSSession to save modules for reuse.

9. Other Scenarios


  • Cross-domain: configure TrustedHosts.
  • Quotas: adjust via WSMan:\localhost\Shell.
  • Group Policy: preferred for enterprise management.

Conclusion


PowerShell Remoting is a powerful tool for secure remote management. By mastering sessions, endpoints, authentication, and implicit remoting, administrators can achieve efficient, scalable administration across Windows environments.


Written & researched by Dr. Shahin Siami

Next Article