PowerShell Remoting (WinRM)
One-to-One. Interactive. Runs in a stateful and trusted process (wsmprovhost.exe) on the target.

Enter-PSSession -ComputerName dcorp-adminsrv
New-PSSession -ComputerName dcorp-adminsrv

Store sessions in variables and connect to them later:

$adminsrv = New-PSSession -ComputerName dcorp-adminsrv
$adminsrv
Enter-PSSession -Session $adminsrv

One-to-Many. Known as fan-out remoting and is non-interactive. It can execute commands and scripts on multiple machines at once, can be run as a background job, and runs in memory by default.

Invoke-Command

Invoke-Command -ScriptBlock {Get-Process} -ComputerName (Get-Content <list_of_servers>)
Invoke-Command -FilePath C:\scripts\Get-PassHashes.ps1 -ComputerName (Get-Content <list_of_servers>)

Execute locally loaded functions:

Invoke-Command -ScriptBlock ${function:Get-PassHashes} -ComputerName (Get-Content <list_of_servers>)

With arguments:

Invoke-Command -ScriptBlock ${function:Get-PassHashes} -ComputerName (Get-Content <list_of_servers>) -ArgumentList

Execute "stateful" commands on target machines (the same session keeps its variables and environment between calls):

$Sess = New-PSSession -ComputerName Server1
Invoke-Command -Session $Sess -ScriptBlock {ls env:}
Invoke-Command -Session $Sess -ScriptBlock {$env:Username}

OPSEC Friendly Option - Winrs

winrs -r:server1 cmd
winrs -r:dcorp-mgmt set computername;set username
winrs -remote:server1 -u:server1\administrator -p:Pass@1234 set username
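Since PowerShell Remoting sessions live inside wsmprovhost.exe and winrs commands inside winrshost.exe on the target, a defender can spot both by looking for processes whose parent is one of those hosts. The following is an added example for the blue-team side and is not part of the original notes; it assumes process creation auditing (Security event 4688 with command-line logging) is enabled, that the ParentProcessName field is present (Windows 10 / Server 2016 and later), and that the caller can read the Security log.

```powershell
# Added example (not from the original notes): list processes spawned by the WinRM
# host processes on a machine. wsmprovhost.exe hosts Enter-PSSession/Invoke-Command
# sessions; winrshost.exe hosts winrs commands. Requires Security event 4688 auditing
# with command-line logging and a Windows build that records ParentProcessName.
function Get-WinRMSpawnedProcess {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [datetime]$StartTime = (Get-Date).AddDays(-1)
    )
    $hostProcs = @('wsmprovhost.exe', 'winrshost.exe')
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = $StartTime }

    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop |
        ForEach-Object {
            # Read the named EventData fields from the event XML rather than
            # parsing the localized message text.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

            $parent = [string]$data['ParentProcessName']
            if ($hostProcs -contains ([IO.Path]::GetFileName($parent).ToLower())) {
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    Parent      = $parent
                    NewProcess  = $data['NewProcessName']
                    CommandLine = $data['CommandLine']
                    Subject     = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
                }
            }
        }
}

# Usage: everything spawned by a remoting or winrs session in the last 24 hours, newest first
Get-WinRMSpawnedProcess | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```

Cmdlets run inside a remoting session execute within wsmprovhost.exe itself and produce no 4688 child event, so pair this with PowerShell script block logging (event 4104) to see what the session actually ran.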