In this installation of Geek School, we look at how we can administer our machines remotely using Remote Assistance, Remote Desktop, Windows Remote Management also known as WinRM, and PowerShell.
Be sure to check out the previous articles in this Geek School series on Windows 7:
Introducing How-To Geek School Upgrades and Migrations Configuring Devices Managing Disks Managing Applications Managing Internet Explorer IP Addressing Fundamentals Networking Wireless Networking Windows Firewall
And stay tuned for the rest of the series all this week.
Remote Assistance
Remote assistance is a feature which first debuted in Windows XP, and besides the removal of voice chat has remained unchanged. When using remote assistance there are two users connected to one machine, using it as the same time. Firstly there is the person needing assistance who is also known as the host as well as the person assisting the user who is called the helper. Remote assistance is centered around the idea of a virtual helpdesk kind of scenario.
In order for a someone to request help, they need to send you an invitation to help them. There are three ways you can generate an invitation:
If both the host and the helper are on the same network you can save a file to a network location. If they are not on the same network you can send them an email invitation. If your network is running IPv6, which is highly unlikely at this point in time, you can use easy connect.
The host is also has the final say of what goes on in the session, for example they can choose whether the helper can control the mouse and keyboard and can even disconnect the session at anytime should they feel uncomfortable with what the helper is doing.
Enabling Remote Assistance
To enable Remote Assistance, open the Start Menu and right click on Computer, then select Properties from the context menu.
When the System Information dialog opens, click on the Remote settings link located on the left hand side.
Here you will need to check the box that allows Remote Assistance connections to your computer.
If you click on the advanced button you can change things like whether the helper will be allowed to take control of your mouse and keyboard as well as how long invitations that you generate are valid for.
Using Remote Assistance
In order to request for someone to help you, you need to make an invitation. To do that open the start menu, expand maintenance and choose Windows Remote Assistance.
Then choose to invite someone you trust to help you.
For demonstration purposes I am going to save the invitation out to a file, but feel free to use whatever method you want.
I have shared my documents library with another PC on my network so saving the invitation in here is perfect.
Once you have saved the invitation you will be given a password. This is very important as the helper will need to enter this when they try and connect to your PC.
I have switched over to a machine running Windows 8. I chose to do this so that you don’t get confused about which PC I’m on. From the Windows 8 machine I simply double click on the invitation.
I then enter the password that my buddy, on the on host machine sent to me and click ok.
The host will then be asked if they want to allow me to connect to their machine. In this case I know who is trying to connect and so I can click Yes.
That’s all there is to it. I can now see exactly what you are doing on your Windows 7 computer in real time. If you allowed users to take control of your PC, as seen under the advanced options section, you will see a request control button as seen below. The host will then be allowed to allow or deny your request. You can also use the chat feature if you so choose.
Remote Desktop
While Remote Assistance is focused around a two user scenario, Remote Desktop is focused around a single user. The biggest difference between Remote Assistance and Remote Desktop is that when I connect to a remote desktop session, the computer I am connecting to gets locked so that anyone walking by can’t see what I am doing on that machine. As you probably have guessed by now, Remote Desktop is focused around productivity. For example, if I forgot to edit a document before I left work, when I get home I could use Remote Desktop to connect to that machine and it would be like I am sitting at my desk.
Note: This is so useful I even use it every day at home where I have a couple of servers with no screen attached to them; in fact, they don’t even have a keyboard or mouse. They simply have a power cable and a network cable, that’s all. When I want to to something on the server I simply use remote desktop.
Enabling Remote Desktop
To enable Remote Desktop, open the Start Menu and right click on Computer, then select Properties from the context menu.
When the System Information dialog opens, click on the Remote settings link located on the left hand side.
Here you will need to check the box that allows Remote Desktop connections to your computer. There are two options for enabling Remote Desktop:
Simply allowing connection from any device that implements the Remote Desktop Protocol. This is less secure but allows you to connect to your PC from devices that don’t run Windows for example, an iOS device or even another computer that is running Linux. Alternatively, you can choose to allow connections from Windows 7 or later machines, which implement the RDP with Network Level Authentication.
We can go with the more secure option since I only have computers running Windows 7 and later in my environment.
Using Remote Desktop
Once you have enabled Remote Desktop on a computer it is very easy to connect to it. To do so, open the Start Menu and expand Accessories, then click on Remote Desktop Connection.
Now you will need to enter the name or IP address of the machine with Remote Desktop enabled, then click connect.
You will be prompted for credentials. Remember: you will need to input credentials of a user on the remote machine and not the one you are connecting from.
That’s all there is to it. It will now feel like you are sitting at the remote machine.
One thing you will notice is that you lose a lot of the visual effects when you use RDP. If you are on a LAN and have Gigabit Ethernet, you may want to change this. To do so, before you connect, click on the options drop down.
Then switch over to the Experience tab. Here you can choose the speed of you connection, which will determine the optimum settings for you.
WinRM
Note: WinRM is a solid management tool but as you will see in a little while it has been superseded by the ever amazing PowerShell Remoting feature.
Windows Remote Management is a command line-based management protocol. The thing that WinRM really had going for it was that is was based upon the solid HTTP protocol that is allowed through many corporate firewalls, so there was no need to get special ports opened. WinRM doesn’t come enabled on Windows 7 and you will have to manually enable it on the workstations and servers you wish to manage remotely. In order to enable it open an elevated command prompt and run:
The following system changes take place when you enable WinRM:
The Windows Remote Management service gets changed to delayed automatic start. It will create HTTP listeners on all local IP addresses A firewall exception will be created
That’s really all there is to setting your computer up for WinRM.
Connecting to a WinRM Enabled Computer
In order to connect to a computer using WinRM you have to add the machine to your trusted hosts list. To do that simple type in the following command:
Note: You will need to change the IP in the command below to the one of the machine you are trying to connect to.
Once you have added the machine to your TrustedHosts, you can connect and run any command you want on the remote machine. To do so you use the Windows Remote Shell (WinRS) command.
You will need to substitute the following values:
192. 168. 174. 130 for the IP address of a machine with WinRM enabled Taylor for the username of a local administrator on the remote machine Pa$$w0rd for the password for the user account specified above. netsat for the command you want to run. Of course, if you really want to see the listening ports on the remote machine, feel free to use netsat.
PowerShell Remoting
As I mentioned earlier, PowerShell’s Remoting feature is built on top of WinRM. So let’s establish what sets it apart from the legacy shell.
Object Orientation
There is one thing that makes PowerShell as powerful as it is, and that thing is called Object Orientation. Object Oriented Programming, or OOP as it has come to be known, is a style of programming that supports code reuse. One of the methods it uses to accomplish this is allowing you to create compound data structures that are made up of primitive data types like numbers and strings as well as other compound structures. These compound data structures are called objects.
Put simply, an object is a representation of something. Objects contain properties that describe the thing, and methods that tell the object what it can do. For example, you might have an object called Person. The Person object would have:
A property describing the color of the person’s eyes. A property describing the color of the person’s hair. It might have a method called sleep. It might have a method called walk.
OOP is actually much more than this, but this will serve as a working definition for now. Since everything in PowerShell is an object, it’s really easy to work with data. For example, the Get-Service cmdlet gets information about services running on your local machine. To see what kind of object it outputs, simply pipe it to Get-Member:
Here you can see it outputs a type of object called a ServiceController. You can also see the Methods and Properties that ServiceController objects support. Given this information, it’s fairly trivial to figure out that you could stop a service by calling the Kill method on the object that represents the service you want to stop.
Remoting
Since we have set up WinRM, our Windows 7 machine is already capable of being remotely controlled via PowerShell. To run a powershell cmdlet on a remote machine you use the Invoke-Command cmdlet:
That’s all there is to it.
If you have any questions you can tweet me @taybgibb, or just leave a comment.