SharePoint and PowerShell remoting


In my current project I’m dabbling with PowerShell to query different servers and information from different SharePoint 2010 farms in the organization. This blog contains a brief overview of the steps I took in order to get a working configuration.

Enable remoting and credential pass-through

You need to enable remoting and also credential pass-through. The latter is important because your SharePoint statements will need to authenticate to the SQL Server containing your SharePoint databases, or all your statements will fail with an access denied.

Enable-PSRemoting

I did this on both the “client” and the “server”, because my client can actually be queried itself as well…

Enable-WSManCredSSP -Role Client –DelegateComputer MYSERVER01

I ran this on the “client”.

Enable-WSManCredSSP –Role Server

I ran this on the “server”.

CredSSP allows the credentials to pass-through (double hop) . There’s a security note in the TechNet article;

Caution: CredSSP authentication delegates the user's credentials from the local computer to a remote computer. This practice increases the security risk of the remote operation. If the remote computer is compromised, when credentials are passed to it, the credentials can be used to control the network session.

» Enable-PSRemoting: http://technet.microsoft.com/en-us/library/hh849694.aspx

» Enable-WSManCredSSP: http://technet.microsoft.com/en-us/library/hh849872.aspx

Force PSVersion 2.0

If you have multiple versions of PowerShell then most likely new instances will be using the latest version. There is a common issue regarding SharePoint 2010 Management Shell and PowerShell 3.0 (or above) outlined here: http://support.microsoft.com/kb/2796733.

Microsoft SharePoint is not supported with version 4.0.30319.17929 of the Microsoft .Net Runtime.

If you’re seeing this issue when remoting you can create a new PSSessionConfiguration on the “server” and have “clients” reference it.

Register-PSSessionConfiguration -Name PS2 -PSVersion 2.0

I ran this on the “server” in a PowerShell 3.0 prompt.

» Register-PSSessionConfiguration: http://technet.microsoft.com/en-us/library/hh847899.aspx

Invoke-Command / Enter-PSSession

There’s but one thing that remains, and that is to see if it worked. Make sure to specify CredSSP and the reference to the PSSessionConfiguration object.

Invoke-Command -ComputerName MYSERVER01 -ConfigurationName PS2 -Authentication CredSSP –Credential MYDOMAIN\myuser -ScriptBlock { asnp Microsoft.SharePoint.PowerShell; Get-SPFarm }

» Invoke-Command: http://technet.microsoft.com/en-us/library/hh849719.aspx

» Enter-PSSession: http://technet.microsoft.com/en-us/library/hh849707.aspx

 

Happy remoting!

 


Links to this post

Comments

Tuesday, 4 Mar 2014 02:37 by Jon
Handy information to have, thanks for the write up. Does this apply in 2013?

Wednesday, 5 Mar 2014 01:39 by Steven Van de Craen
Jon, this applies to SharePoint 2013 as well. You can even skip the part of the PSVersion since SharePoint 2013 operates in PSVersion 3.0, which should be the default for any remote session.

CAPTCHA Image Validation