0

I normally use Windows Remote Desktop to connect to a server machine. All connection configs are saved in an .rdp file.

I want to instead use PowerShell to connect to that same server, in a similar fashion as SSH. I researched and found about PowerShell remoting with Enter-PSSession, but I don't know what arguments to give it.

What I know so far:

  • Client machine OS: Windows 10. Host machine OS: Windows Server 2012 R2.
  • Client and host machines are in different networks/Active Directories. Simply running Enter-PSSession <HOSTNAME> doesn't work.
  • Host machine's PSRemoting is enabled. If I'm on a machine in its same AD, it can be connected with Enter-PSSession <HOSTNAME>

My question is, if I have a working .rdp file, can I infer what's needed to PSRemote to a remote server? Or even better, can I pass that .rdp file to a PS command to make the shell connection?

Allen
  • 2,195
  • 1
  • 14
  • 9
  • If the machines are in different domains, you will need to update the `TrustedHosts` property on the target system in order for it to trust the incoming connection: [How to add more than one machine to the trusted hosts list using winrm](https://stackoverflow.com/questions/21548566/how-to-add-more-than-one-machine-to-the-trusted-hosts-list-using-winrm) – boxdog Jun 29 '18 at 23:03
  • Is there a trust between the domains? – Maximilian Burszley Jun 29 '18 at 23:15
  • @boxdog Right now `Get-Item WSMan:\localhost\Client\TrustedHosts` seems empty. But what machine name to add to the trusted host list? I think my biggest confusion is what each computer's name is for each other. – Allen Jun 30 '18 at 06:14

1 Answers1

0

If trust is present, this should work.

Enter-PSSession -Computername <FQDN>

If no trust, you have to pass a PowerShell credential object. This should be a credential that has access on the target machine. The .rdp file cannot help at all.

Enter-PSSession -Computername <FQDN> -Credential $CustomPScredentialObject

You can create a credential object by:

$CustomPScredentialObject = Get-Credential "Domain\UserID" #this will give an interactive prompt for password

Non-interactive Credential Object:

$SecurePassword = "PlaintextPassword" | ConvertTo-SecureString -Force -AsPlainText
$CustomPScredentialObject = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Domain\userid", $SecurePassword

Now you can use this credential object for PSSession.

Sid
  • 2,586
  • 1
  • 11
  • 22
  • Thanks! Can you clarify what is? I have these fields in the .rdp file, I'm not sure if they can help determine an FQDN. ``` full address:s:SOME.ADDRESS gatewayhostname:s:somegthing.example.com workspace id:s:some.address use redirection server name:i:1 loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.SOME_NAME ``` – Allen Jun 30 '18 at 05:46
  • `FQDN` is Fully Qualified Domain name. A simple google search would have answered that. When you are working with machines from other domains, `Hostname` may not be enough. You have to use `FQDN` which would be in the format `Hostname.Domainname`. Example: `Server01.Contoso.com` – Sid Jun 30 '18 at 07:18
  • For me the domain name is something like `.local`, and `Server01..local` won't work for `Enter-PSSession` as a valid computername. I imagine Windows Remote Desktop connects to my server machine by first contacting the gateway host, and then get directed to the actual machine. – Allen Jul 03 '18 at 20:31