You may want to read these posts before:
· Building PoshCAT Part 1 – Create different Client Actions lists
· Building PoshCAT Part 2 – Adding your own custom functions
One of the most important thing you need to know before you start using PoshCAT is that it relies on PowerShell remoting. If you don’t configure PowerShell remoting on your computers, then the Client Actions will fail. In this post I will show how you can enable PowerShell remoting through Group Policy but you can also configure it manually.
To enable PowerShell remoting manually you need to run PowerShell Console as an administrator and execute the following command:
Enable-PSRemoting
You can enable PowerShell remoting through Group Policy settings for following operating systems:
· Windows Vista/2008
· Windows 7/2008 R2
· Windows 8/2012
· Windows 8.1/2012 R2
To enable PowerShell remoting for Windows XP or Server 2003 you need to create Computer Startup Script that runs the following command:
Enable-PSRemoting -Force
Enabling PowerShell remoting through Group Policy
1. Open Group Policy Management
2. Create a new Group Policy Object, for example PowerShell Settings
3. Open PowerShell Settings GPO with Group Policy Management Editor
4. Expand Computer Configuration; expand Policies; expand Administrative Templates; expand Windows Components; expand Windows Remote Management (WinRM)
5. Select WinRM Service
6. Open “Allow remote server management through WinRM” setting
7. Enable the Policy and set the IPv4 and IPv6 filter values to *
8. Click OK
9. Navigate to Windows Settings; expand Security Settings and select System Services
10. Select Windows Remote Management (WS-Management) Service and set the startup mode to Automatic
11. Click OK
12. Close the Group Policy Editor
13. Link the PowerShell Settings GPO to correct OU for testing
14. Reboot test computers
Note: You can configure Windows Services through Group Policy Preferences also and if Firewall is also enabled in your environment, then you need to configure Firewall exceptions also.
Testing remote commands with PowerShell
Now log in to another machine and execute the following commands through PowerShell console or PowerShell ISE against the test machine(s).
#TEST 1
Get-WmiObject -Class Win32_Share -ComputerName PC0002
#TEST 2
Get-Service -Name Winmgmt -ComputerName PC0002
#TEST 3
Invoke-Command -ScriptBlock {Get-Service -Name Winmgmt} -ComputerName PC0002
If these commands does not fail, then your Group Policy is configured correctly and you can continue testing with PoshCAT
It seems that you need to configure Powershell a bit further before it works on a current Windows 7 SP1 machine, you need a “Register-PSSessionConfiguration microsoft.powershell” command first? So, in an Enterprise, you need to push this command out to all workstations before you can use PoshCAT? Or did anyone find a way to configure this via a Group Policy too?
Hi Harry,
You just need to configure the PowerShell remoting settings through Group Policy and everything should be OK and don´t forgot the Firewall rules.
Best,
Kaido
It’s asking me to register the configuration too. It’s worked for a while with just the Group Policy settings. That’s unfortunate.
Yup, same thing…
Connecting to remote server COMPUTER failed with the following error message : The WS-Management
service cannot process the request. Cannot find the Microsoft.PowerShell session configuration in the WSMan: drive on
the COMPUTER computer. For more information, see the about_Remote_Troubleshooting Help topic.
Hi,
I love this tool but have a question on using it.
I’m trying to get it to ‘Install Missing Updates’ The command executes fine but the updates don’t install.
All tests for remote commands with powershell work
Selected command: Install Missing Updates
Reporting disabled in configuration file
Starting to run Install Missing Updates
Job Type: Remote
Adding TESTSERVER PSH JOB
Install Missing Updates Completed on TESTSERVER
Removing JOB ID: 28 from the array
——————————————————————————-
TOTAL FAILED JOBS: 0
TOTAL SUCCESS JOBS: 1
TOTAL TIME: 0.0768743533333333 minutes