Building PoshCAT Part 3 – Enabling PowerShell Remoting through Group Policy for PoshCAT

You may want to read these posts before:

· How to install PoshCAT

· Building PoshCAT Part 1 – Create different Client Actions lists

· Building PoshCAT Part 2 – Adding your own custom functions

One of the most important thing you need to know before you start using PoshCAT is that it relies on PowerShell remoting. If you don’t configure PowerShell remoting on your computers, then the Client Actions will fail. In this post I will show how you can enable PowerShell remoting through Group Policy but you can also configure it manually.

To enable PowerShell remoting manually you need to run PowerShell Console as an administrator and execute the following command:

Enable-PSRemoting

You can enable PowerShell remoting through Group Policy settings for following operating systems:

· Windows Vista/2008

· Windows 7/2008 R2

· Windows 8/2012

· Windows 8.1/2012 R2

To enable PowerShell remoting for Windows XP or Server 2003 you need to create Computer Startup Script that runs the following command:

Enable-PSRemoting -Force

Enabling PowerShell remoting through Group Policy

1. Open Group Policy Management

2. Create a new Group Policy Object, for example PowerShell Settings

3. Open PowerShell Settings GPO with Group Policy Management Editor

4. Expand Computer Configuration; expand Policies; expand Administrative Templates; expand Windows Components; expand Windows Remote Management (WinRM)

5. Select WinRM Service

6. Open “Allow remote server management through WinRM” setting

7. Enable the Policy and set the IPv4 and IPv6 filter values to *

WinRM_Service_GPO_2

8. Click OK

9. Navigate to Windows Settings; expand Security Settings and select System Services

10. Select Windows Remote Management (WS-Management) Service and set the startup mode to Automatic

WinRM_Service_GPO

11. Click OK

12. Close the Group Policy Editor

13. Link the PowerShell Settings GPO to correct OU for testing

14. Reboot test computers

Note: You can configure Windows Services through Group Policy Preferences also and if Firewall is also enabled in your environment, then you need to configure Firewall exceptions also.

Testing remote commands with PowerShell

Now log in to another machine and execute the following commands through PowerShell console or PowerShell ISE against the test machine(s).

#TEST 1

Get-WmiObject -Class Win32_Share -ComputerName PC0002

#TEST 2

Get-Service -Name Winmgmt -ComputerName PC0002

#TEST 3

Invoke-Command -ScriptBlock {Get-Service -Name Winmgmt} -ComputerName PC0002

If these commands does not fail, then your Group Policy is configured correctly and you can continue testing with PoshCAT

About the Author:

Kaido Järvemets
Configuration Manager MVP

5 Comments

  1. Harry January 8, 2014 at 10:31 - Reply

    It seems that you need to configure Powershell a bit further before it works on a current Windows 7 SP1 machine, you need a “Register-PSSessionConfiguration microsoft.powershell” command first? So, in an Enterprise, you need to push this command out to all workstations before you can use PoshCAT? Or did anyone find a way to configure this via a Group Policy too?

  2. Kaido Järvemets
    Kaido Järvemets January 8, 2014 at 11:31 - Reply

    Hi Harry,

    You just need to configure the PowerShell remoting settings through Group Policy and everything should be OK and don´t forgot the Firewall rules.

    Best,
    Kaido

  3. Cliff Steinman December 17, 2014 at 15:21 - Reply

    It’s asking me to register the configuration too. It’s worked for a while with just the Group Policy settings. That’s unfortunate.

  4. Chris April 7, 2015 at 20:59 - Reply

    Yup, same thing…

    Connecting to remote server COMPUTER failed with the following error message : The WS-Management
    service cannot process the request. Cannot find the Microsoft.PowerShell session configuration in the WSMan: drive on
    the COMPUTER computer. For more information, see the about_Remote_Troubleshooting Help topic.

  5. Tim August 26, 2015 at 13:45 - Reply

    Hi,

    I love this tool but have a question on using it.
    I’m trying to get it to ‘Install Missing Updates’ The command executes fine but the updates don’t install.
    All tests for remote commands with powershell work

    Selected command: Install Missing Updates
    Reporting disabled in configuration file
    Starting to run Install Missing Updates
    Job Type: Remote
    Adding TESTSERVER PSH JOB
    Install Missing Updates Completed on TESTSERVER
    Removing JOB ID: 28 from the array
    ——————————————————————————-
    TOTAL FAILED JOBS: 0
    TOTAL SUCCESS JOBS: 1
    TOTAL TIME: 0.0768743533333333 minutes

Leave A Comment