PowerShell Remoting
Running commands on remote machines using WinRM and PowerShell.
How It Works
PowerShell remoting uses WinRM (Windows Remote Management) to execute commands on remote computers over an encrypted channel. It is the foundation for large-scale Windows management, allowing you to run scripts against hundreds of machines from a single console.
Remoting Methods
- Invoke-Command — fire-and-forget execution on one or many machines
- Enter-PSSession — interactive one-to-one remote shell
- New-PSSession — persistent session for running multiple commands in sequence
- PowerShell SSH remoting — cross-platform alternative using SSH transport
Note
When targeting multiple machines, pass an array of computer names — PowerShell runs against all of them in parallel by default, up to 32 concurrent connections. For accessing network resources from within a remote session, configure CredSSP or Kerberos constrained delegation.
Setup
Enable-PSRemoting -Force -SkipNetworkProfileCheck
# Verify WinRM is listening
Test-WSMan -ComputerName "SERVER01"
Tip
Use -SkipNetworkProfileCheck when enabling remoting on servers with public network profiles (common on standalone servers not joined to a domain). Without it, Enable-PSRemoting will fail.
Running Commands at Scale
$servers = @("SERVER01", "SERVER02", "SERVER03", "SERVER04")
Invoke-Command -ComputerName $servers -ScriptBlock {
    [PSCustomObject]@{
        Hostname = $env:COMPUTERNAME
        OS       = (Get-CimInstance Win32_OperatingSystem).Caption
        Uptime   = (Get-Date) - (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
        FreeGB   = [math]::Round(
            (Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='C:'").FreeSpace / 1GB,
            2
        )
    }
} | Select-Object Hostname, OS, Uptime, FreeGB `
  | Format-Table -AutoSize
Security Considerations
- WinRM uses Kerberos authentication by default in domain environments
- Traffic is encrypted with AES-256 — no need for additional VPN tunnels
- Use JEA (Just Enough Administration) to limit what remote users can do
- Restrict WinRM access via Windows Firewall rules to management subnets only
Warning
Avoid using CredSSP unless absolutely necessary — it stores delegated credentials on the remote machine, creating a credential theft risk. Prefer Kerberos constrained delegation or resource-based constrained delegation instead.
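A minimal JEA endpoint for the recommendation above, added here as an example and not taken from the original page. The module, role, AD group and endpoint names are hypothetical, and the script is assumed to run in an elevated Windows PowerShell 5.1 console on the managed server itself.

```powershell
# All four names are hypothetical placeholders; substitute your own.
$module   = 'ContosoJEA'                 # module that carries the role file
$role     = 'ServiceOperator'            # role capability name
$group    = 'CONTOSO\Tier2-ServiceOps'   # AD group allowed to connect
$endpoint = 'ServiceOps'                 # name of the constrained endpoint

# Role capability files are found by name in a module's RoleCapabilities folder.
$modRoot = Join-Path $env:ProgramFiles "WindowsPowerShell\Modules\$module"
New-Item -ItemType Directory -Path (Join-Path $modRoot 'RoleCapabilities') -Force | Out-Null
New-ModuleManifest -Path (Join-Path $modRoot "$module.psd1") -Description 'JEA roles'

# Only these cmdlets are visible; Restart-Service is pinned to two service names.
New-PSRoleCapabilityFile -Path (Join-Path $modRoot "RoleCapabilities\$role.psrc") `
    -VisibleCmdlets @(
        'Get-Service',
        @{ Name       = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler', 'W32Time' } }
    )

# Transcripts give an audit trail of every command run through the endpoint.
$transcripts = Join-Path $env:ProgramData 'JEATranscripts'
$pssc        = Join-Path $env:ProgramData "JEAConfiguration\$endpoint.pssc"
New-Item -ItemType Directory -Path $transcripts, (Split-Path $pssc) -Force | Out-Null

# RestrictedRemoteServer = NoLanguage mode plus a handful of default commands.
# RunAsVirtualAccount runs the session under a temporary local account, so
# operators in $group do not need to be local administrators themselves.
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory $transcripts `
    -RoleDefinitions @{ $group = @{ RoleCapabilities = $role } }

# Validate the file, then register it. Registration restarts WinRM, which
# drops any remote sessions currently open to this machine.
if (-not (Test-PSSessionConfigurationFile -Path $pssc)) {
    throw "Session configuration file failed validation: $pssc"
}
Register-PSSessionConfiguration -Name $endpoint -Path $pssc -Force

# From the admin workstation, connect to the constrained endpoint by name:
#   Enter-PSSession -ComputerName SERVER01 -ConfigurationName ServiceOps
#   Get-Command    # lists only the visible commands
```

Members of the group who connect without -ConfigurationName still reach the default endpoint only if they are permitted there, so keep them out of the local Administrators and Remote Management Users groups.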