PS Remoting – Random IT Utensils (https://blog.adamfurmanek.pl)

Availability Anywhere Part 8 — Running interactive application on a remote server from shell
https://blog.adamfurmanek.pl/2020/07/04/availability-anywhere-part-8/
Sat, 04 Jul 2020 08:00:33 +0000

This is the eighth part of the Availability Anywhere series. For your convenience you can find other parts in the table of contents in Part 1 – Connecting to SSH tunnel automatically in Windows.

Imagine that you’d like to run an interactive application on some remote server. This application should have access to the UI and ideally pop up in the session of the logged-in user.
There is a psexec tool from Sysinternals and it can run applications remotely. However, it didn’t work for me (I guess some permission issues for remote shares), so I did it with PowerShell.

Run this:

$username = "DOMAIN\USER"
$pass = "PASSWORD"
$pass = convertto-securestring -asplaintext $pass -force
$cred = new-object System.Management.Automation.PSCredential -argumentlist $username, $pass
invoke-command -scriptblock { PATH_TO_SYSINTERNALS\.\psexec -accepteula -s -i 1 notepad.exe } -computername IP -credential $cred

In line 1 you specify the username (with domain if needed).
In line 2 you provide the password.
Lines 3-4 create a secure password object.
Line 5 does the magic. First, it uses PowerShell Remoting to connect to the machine over IP with the given credentials (see Part 3 for how to configure PS Remoting). Next, it executes a command.
In the command we use psexec to run the application interactively in session 1. We need to use the -s parameter to run the app as the system account, otherwise it will not have access to the UI. You may also use -u "DOMAIN\USER" -p "PASSWORD" of the session owner instead.
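
A variant of the command above that prompts for the password instead of keeping it in the script, and looks up the desktop session ID instead of assuming 1. This is an added example, not code from the original post; IP and PATH_TO_SYSINTERNALS are the post's placeholders, and identifying the desktop session by its explorer.exe process is an assumption.

```powershell
# Added example, not from the original post.
$computer = 'IP'                                # placeholder, as in the post
$psexec   = 'PATH_TO_SYSINTERNALS\psexec.exe'   # placeholder path on the remote machine

# Prompt for the password so it never lands in the script or the shell history.
$cred = Get-Credential -Message "Account allowed to use PS Remoting on $computer"

$session = New-PSSession -ComputerName $computer -Credential $cred
try {
    # Assumption: every interactive desktop runs explorer.exe, so its SessionId
    # is the value psexec -i expects. -IncludeUserName needs an elevated
    # session, which a remoting session of an administrator is.
    $desktops = @(Invoke-Command -Session $session -ScriptBlock {
        Get-Process -Name explorer -IncludeUserName -ErrorAction SilentlyContinue |
            Select-Object SessionId, UserName -Unique
    })

    if ($desktops.Count -eq 0) {
        throw "No interactive desktop session found on $computer."
    }
    if ($desktops.Count -gt 1) {
        # Do not guess whose desktop the window should appear on.
        Write-Warning ($desktops | Format-Table SessionId, UserName | Out-String)
        throw 'More than one desktop session found; choose the SessionId explicitly.'
    }
    $id = [int]$desktops[0].SessionId

    # Same psexec call as in the post, with the looked-up session ID.
    Invoke-Command -Session $session -ArgumentList $psexec, $id -ScriptBlock {
        param($exe, $sessionId)
        & $exe -accepteula -s -i $sessionId notepad.exe
    }
}
finally {
    Remove-PSSession $session
}
```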

Availability Anywhere Part 3 — How to enable PowerShell remoting in Windows
https://blog.adamfurmanek.pl/2019/12/07/availability-anywhere-part-3/
Sat, 07 Dec 2019 09:00:28 +0000

This is the third part of the Availability Anywhere series. For your convenience you can find other parts in the table of contents in Part 1 – Connecting to SSH tunnel automatically in Windows.

Today we will enable PowerShell Remoting in Windows. This sounds like a trivial task (you can google up an “easy” solution), but every time I do it, it turns out that I need more and more commands because there are more and more settings to tweak. This note tries to summarize everything I captured over the last 10 years.

Server configuration — for receiving connections

First, start an elevated PowerShell and run this:

enable-psremoting -force -SkipNetworkProfileCheck -confirm

Confirm everything and this in theory enables PS Remoting. It is not enough, though, because you need to allow multiple other things to get connections over IP (not using a domain name) and without encryption (which we take care of using tunneling or VPN). Start with this:

netsh advfirewall firewall add rule name='PSRemoting HTTP' dir=in action=allow protocol=TCP localport=5985
netsh advfirewall firewall add rule name='PSRemoting HTTPS' dir=in action=allow protocol=TCP localport=5986

This configures your firewall. Now, you want to enable Windows Remote Management (WinRM). Open gpedit.msc, browse to Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service, open the Allow Remote Server management through WinRM policy setting and enable it. Set filters to * (unless you need something specific there).

Next, enable firewall rules for all profiles. In gpedit.msc browse to Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile and open the Windows Defender Firewall: Define inbound port exceptions policy setting. Enable it, click the Show button and add these port exceptions:

5985:TCP:*:enabled:WSMan
5986:TCP:*:enabled:WSMan

Finally, you need to give particular users permission to connect to the machine. Run

Set-PSSessionConfiguration -ShowSecurityDescriptorUI -Name Microsoft.PowerShell

and give permissions to users of your choice.

To verify your settings, run

winrm get winrm/config/listener?Address=*+Transport=HTTP

and you should get something like

Listener [Source="GPO"]
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 127.0.0.1, 169.254.148.232, 169.254.170.254, , ::1, fe80::24a9:613:3ca1:6de8%4
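
A read-only audit of what the server-side steps above leave exposed: the listeners, the effective firewall scope for ports 5985 and 5986, the WinRM service filters, and who may open a session. This is an added example, not code from the original post; it changes no settings and assumes an elevated PowerShell on the server.

```powershell
# Added example, not from the original post. Read-only; run elevated on the server.

# 1. Listeners: transport, port and addresses WinRM is bound to.
Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
    Select-Object Transport, Port, Address, Enabled, ListeningOn

# 2. Effective inbound allow rules for the WinRM ports and their source scope.
#    ActiveStore is the merged policy (local rules plus Group Policy).
#    RemoteAddress "Any" means the port is reachable from every network,
#    not only from the VPN or tunnel endpoint.
$winrmPorts = '5985', '5986'
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        if (@($port.LocalPort) | Where-Object { $winrmPorts -contains $_ }) {
            $addr = $rule | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                Profile       = $rule.Profile
                LocalPort     = @($port.LocalPort) -join ','
                RemoteAddress = @($addr.RemoteAddress) -join ','
            }
        }
    } | Format-Table -AutoSize

# 3. Service-side filters (the "*" entered in the WinRM policy) and whether
#    unencrypted message payloads are accepted.
Get-Item WSMan:\localhost\Service\IPv4Filter,
         WSMan:\localhost\Service\IPv6Filter,
         WSMan:\localhost\Service\AllowUnencrypted |
    Select-Object Name, Value

# 4. Accounts and groups allowed to open a session on the default endpoint,
#    i.e. what was granted in the security descriptor dialog.
Get-PSSessionConfiguration -Name Microsoft.PowerShell |
    Select-Object Name, Permission
```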

Client — for connecting to another machine over HTTP and IP address

You need to add trusted hosts using elevated PS:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*"

Now you can connect using (etsn is the built-in alias for Enter-PSSession)

etsn -computername IP_ADDRESS -port 5985 -credential DOMAIN\USER

This makes an unencrypted connection using the IP address. Obviously, you want to open this connection over a VPN or SSH tunnel. If you want encryption, go with

etsn -computername IP_ADDRESS -usessl -port 5986 -credential DOMAIN\USER
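
The TrustedHosts setting from the client steps, scoped to a single machine instead of "*". This is an added example, not code from the original post; 10.8.0.5 is a constructed address standing in for IP_ADDRESS, and the block needs an elevated PowerShell on the client.

```powershell
# Added example, not from the original post. Run elevated on the client.
$target = '10.8.0.5'   # constructed address standing in for IP_ADDRESS

# Show the current list before changing it.
$current = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
"TrustedHosts before: '$current'"

# "*" lets the client authenticate to any host without verifying the host's
# identity. Listing only the machines you actually connect to keeps that
# exception as small as possible.
if (-not $current -or $current -eq '*') {
    # Empty or wildcard: replace the value with the single target.
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value $target -Force
}
elseif (($current -split ',').Trim() -notcontains $target) {
    # Existing explicit list: append to it instead of overwriting it.
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value $target -Concatenate -Force
}

"TrustedHosts after:  '$((Get-Item WSMan:\localhost\Client\TrustedHosts).Value)'"

# Unauthenticated identify request: confirms the listener answers on 5985
# before any credentials are sent.
Test-WSMan -ComputerName $target -Port 5985

# Then connect as in the post; the password is prompted for.
Enter-PSSession -ComputerName $target -Port 5985 -Credential (Get-Credential)
```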
