Windows OS Hub
  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux

 Windows OS Hub / PowerShell / Enter-PSSession: Running Remote Commands in Interactive Shell

March 15, 2024

Enter-PSSession: Running Remote Commands in Interactive Shell

Enter-PSSession cmdlet allows you to establish a persistent interactive PowerShell session with a remote computer. All commands you enter in your command prompt are executed on the remote computer. In this article, we’ll explain the main features of Enter-PSSession and how it can be used to remotely manage computers running Windows 10/11 and Windows Server 2022/2019/2016.

The Enter-PSSession cmdlet is powered by the PowerShell Remoting stack. PSRemoting is based on Web Services for Management (WS-Management) and WinRM service (Windows Remote Management). Traffic between computers is encrypted at the protocol level (you can optionally enable the SSL encryption for PSRemoting WinRM traffic). You can use various authentication methods, including NTLM and Kerberos.

In the simple case. to establish an interactive PowerShell session with a remote computer, you need to specify only the computer name to connect (the ComputerName option). To connect to a remote computer, just run the command:

Enter-PSSession hq-srv01.woshub.com

Enter-PSSession cmdlet allows to run commands in interactive session with a single remote computer

If the current user has permission to connect to a remote host, you will connect to an interactive shell on the remote computer.

You can prompt for user credentials before connecting:

Enter-PsSession –ComputerName hq-srv01.woshub.com –Credentials woshub\maxbak

Or:

$creds = Get-Credential
Enter-PSSession -ComputerName hq-srv01 -Credential $creds

Note that the name of the remote computer is now shown in square brackets at the beginning of your PowerShell prompt ([hq-srv01.woshub.com]). This way you can find out if you are running in a local or remote shell session.

The output of all commands run remotely is displayed in your local console. You can run the hostname command and make sure that you running it on a remote computer.

You can run any command in this interactive command prompt (according to your privileges).

For example, let’s display the Windows network settings using PowerShell:

Get-NetIPConfiguration

You can change DNS settings on the remote computer:

Set-DNSClientServerAddress –InterfaceIndex 6 –ServerAddresses 192.168.13.4, 192.168.100.4

powershell remoting change network adapter settings

To exit an interactive remote shell session, run Exit-PSSession or exit. The PS prompt will become usual and you will get back to your local PowerShell console:

exit remote interactive powershell session

Previously, administrators primarily used the PsExec tool to run an interactive command prompt on a remote Windows computer. However, when Enter-PSSession appeared, they didn’t need to use external tools anymore.

In Windows Server 2016/2019/2022, PowerShell Remoting is enabled by default (you can see it in Server Manager -> Local Server -> Remote Management = Enabled).

winrm remote management is enable on Windows Server by default
In desktop Windows versions (Win10, Win11), PSRemoting and WinRM are disabled.
You can check if PSRemoting is enabled on your current computer using the command below:

Get-PSSessionConfiguration

This command also is used to get a list of users and groups allowed to connect over WinRM. To use the PSRemoting, a user account must be a member of the Administrators or Remote Management Users group. You can learn more about how to enable the WinRM PowerShell Remoting for non-admin users.

Get-PSSessionConfiguration - seesion configuration

You can test if you can connect to your computer locally via PowerShell Remoting:

Test-WSMan -ComputerName localhost

If the command returns a WSMan schema version, remote connections to the computer using PS Remoting are allowed.

Test-WSMan - check wirm connectivity

If PowerShell Remoting is disabled or not configured, the following error appears:

Test-WSMan : <f:WSManFaultxmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150858770" Machine="srv02"><f:Message>The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".

To enable PowerShell Remoting, run this command:

Enable-PSRemoting -Force

This command:

  • Enables WinRM service and set its startup type to Automatic;
  • Creates a connection point on the default WinRM port (TCP/5985 for HTTP traffic);
  • Adds exceptions for WS-Management to the Windows Firewall (if you’re configuring PSRemoting manually, add a firewall rule using PowerShell or with GPO)
  • Allows remote PowerShell sessions
  • Restarts the WinRM service

Make sure the WinRM service is running and set to start automatically:

Get-Service WinRM | Select MachineName,Name,Status, StartType

check winrm service on windows

The Enable-PSRemoting command works only for domain and private Windows network profiles. If you want to enable PSRemoting on a computer in a public network, change the network location from Public to Private, or use the command below:

Enable-PSRemoting -SkipNetworkProfileCheck -Force

In an Active Directory domain, the easiest way to centrally configure Windows Remote Management (PSRemoting) on servers and computers is through Group Policy.

Modern PowerShell versions (v6 or v7) support Secure Shell protocol (SSH) to connect to a remote computer over PowerShell Remoting. An SSH connection point must be available on a remote computer (How to enable built-in OpenSSH Server on Windows 10?). You can start an interactive PSRemoting session over SSH using this command:

Enter-PSSession -HostName [email protected]

Or authenticate over SSH using an RSA key:

Enter-PSSession -HostName [email protected]:22 -KeyFilePath c:\PS\max_rsa_key

You can use Enter-PSSession together with New-PSSession:

$s = New-PSSession -ComputerName hq-srv01.woshub.com
Enter-PSSession -Session $s

Enter-PSSession supports several authentication methods. You can set the one you want using -Authentication parameter. Basic, Digest, Kerberos, CredSSP, NegotiateWithImplicitCredential, Negotiate Challenge authentication methods are supported.

In the example above, we showed how to create an interactive Enter-PSSession connection between computers in the same Windows domain (it is enough to specify an FQDN or a short name for the connection, Kerberos authentication is used). If you try to connect to a remote computer using its IP address or CNAME, you will not be authenticated:

Enter-PSSession : Connecting to remote server 192.168.31.12 failed with the following error message: The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated.

Enter-PSSession by IP address - The WinRM client cannot process the request - use HTTPS transport or add the destination to the TrustedHosts list

To connect to a remote computer using its IP address, you can add the host to the list of trusted hosts (Trusted Hosts) or use SSL for WinRM(it is more secure).

To add an IP address to trusted hosts, run this command:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value 192.168.13.5

You can add a trusted host using a wildcard mask:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value *.woshub.com

To display the list of trusted hosts:

Get-Item WSMan:\localhost\Client\TrustedHosts

In the same way, you can add your host to the list of trusted hosts on a remote computer.

Restart the service:

Restart-Service WinRM

To connect to a remote computer using its IP address, run the command below:

Enter-PSSession -ComputerName 192.168.13.5 -Credential (Get-Credential -UserName woshub\maxbak)

The Enter-PSSession and New-PSSession cmdlets create a persistent one-to-one remote session and are used mostly in interactive scenarios. If you want to run scripts or jobs automatically or do something on multiple remote computers simultaneously, use the Invoke-Command command.

1 comment
4
Facebook Twitter Google + Pinterest
PowerShellWindows 10Windows 11Windows Server 2019
previous post
Memory Compression Process: High Memory and CPU Usage in Windows 10 and 11
next post
Poor Network Performance on Hyper-V VMs in Windows Server 2019

Related Reading

Wi-Fi (Internet) Disconnects After Sleep or Hibernation on...

March 15, 2024

PowerShell: Get Folder Size on Windows

April 2, 2024

How to Download Offline Installer (APPX/MSIX) for Microsoft...

March 12, 2024

How to Find the Source of Account Lockouts...

March 12, 2024

Install and Manage Windows Updates with PowerShell (PSWindowsUpdate)

March 17, 2024

How to Refresh (Update) Group Policy Settings on...

August 13, 2024

How to Backup and Restore Websites and IIS...

June 8, 2023

Start Menu or Taskbar Search Not Working in...

April 22, 2025

1 comment

serg January 9, 2023 - 4:23 am

Use the following command to connect to a remote computer via powershellremoting under the Microsoft account:
Enter-PSSession -ComputerName Server1 -Credential MicrosoftAccount\[email protected]

Reply

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025
  • Load Drivers from WinPE or Recovery CMD

    March 26, 2025
  • How to Block Common (Weak) Passwords in Active Directory

    March 25, 2025
  • Fix: The referenced assembly could not be found error (0x80073701) on Windows

    March 17, 2025
  • Exclude a Specific User or Computer from Group Policy

    March 12, 2025
  • AD Domain Join: Computer Account Re-use Blocked

    March 11, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Install and Manage Windows Updates with PowerShell (PSWindowsUpdate)
  • How to Download Offline Installer (APPX/MSIX) for Microsoft Store App
  • Fix: Remote Desktop Licensing Mode is not Configured
  • How to Delete Old User Profiles in Windows
  • Configuring Port Forwarding in Windows
  • How to Install Remote Server Administration Tools (RSAT) on Windows
  • Start Menu or Taskbar Search Not Working in Windows 10/11
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top