I am having trouble figuring out the best way to grab the information I want from other computer. I have the code setup in a way to display the information I want, but I am unsure how to use the -CimSession. Whenever I attempt to use the code I get this message below. Then I get a lost trying to learn about winrm.
“Cannot connect to CIM server. The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.”
I have done it both ways, using the computer names and the ip. I get the same results. Although for some reason when I using the computer names it takes a lot longer time running the command. I usually use the computer names.
Thank you. I think for the Get-PnpDevices I will need to do some prior configuration before I can run that command remotely. Because I don’t know much about PowerShell and usually copy code from the examples this is a little difficult for me right now. I am having a lot a trouble with creating a -Cimsession. PS keeps telling me to create a TrustedHosts list using winrm or a firewall exception needs to be enable for winrm. For more info type ‘winrm help config’ and then I get lost trying to understand the information it is providing. I’ll figure it out someday but, it looks like that might be a while for me.
Hey Maximus3255 and welcome
The computers you’re trying to connect to - are they part of an AD-domain or are they in a workgroup? Are they clients/workstations or servers?
WinRM should be enabled by default on new Windows servers in an AD-domain. I’m pretty sure that you would need to enable WinRM manually on clients/workstations.
Olaf has given you some really good links to read through, but your setup is essential to getting remoting working properly.
I’m also confident that you’re missing a step in the first part of your IF and ELSEIF blocks.
You need to create a named CIMSession first with the New-CIMSession cmdlet and then you can use it as a parameter for the Get-PnpDevice cmdlet. You can’t just call it with the computername.
The computer I am connecting to are part of the same AD-domain and I am trying to connect to workstations that have a certain peripheral installed and configured properly.
I thought I would need to enable WinRM on the workstations, but was not confident in doing so. The link that Olaf gave me were really helpful, but a little overwhelming to understand all at once for me at the moment.
When using the example given in New-CimSession -ComputerName PC im given the message below.
“Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer.”
The only thing that I am missing or need to verify would be ‘that a firewall exception for the WinRM service is enabled and allows access from this computer’ I am using a workstation and not a server to run these commands and don’t have access to a server.
Enabling WinRM should automatically open the required ports in the firewall (as long as you’re running Windows built-in FW), though I’ve seen that fail too.
I have a couple of scripts running against servers in our AD and I’ve included the following test to see if the servers are online and have WinRM enabled.
foreach ($Server in $Servers) {
# Test if the server is online and has WinRM enabled.
$pingtest = Test-Connection -ComputerName $Server.Name -Quiet -Count 1 -ErrorAction SilentlyContinue
$winrmtest = Test-WSMan -ComputerName $Server.Name -ErrorAction SilentlyContinue
if ($pingtest -and $winrmtest) {
Write-Output "$($Server) is online and WinRM is active!"
}
else {
Write-Warning "$($Server) is offline or WinRM is not enabled!"
}
If you know that the computers are online you can of course skip the ping/Get-Connection test and just run the WinRM test.
Concerning the question about verifying that there’s a firewall exception for WinRM.
This is what you’re looking for once WinRM is installed and enabled on the computer(s) you’re trying to query:
Saw your reply while I was writing this, so:
Follow-up question. Are you an admin in the AD or on the computers you need to query?
Because you will need admin credentials to enable WinRM and PSRemoting on the computers.
Do you have physical/RDP access to the computers in question and how many computers are you querying?
And will you need to query the computers more than this once?
You wrote earlier that you don’t have access to a server, so I’m guessing you’re not among the domain admins?
I’m afraid that if you don’t have permissions to create/edit GPO for your AD, you would have to logon to each workstation in turn and enable WinRM. And as you wrote you need to enable both WinRM and PSRemoting.
Question is if that’s worth the trouble if you only need to run this one query one time. It might be easier to just run the Get-PnpDevice cmdlet locally and just assemble the output manually.
I have been told to check these computers in these areas twice a week, at the moment totaling 85 computers, and in some cases it will be difficult to gain physically access to these computer. I maybe able to RDP into some of them, but these computers are sometimes in use.
If you’ve been given this as a recurring task I would work with your IT-department/domain admins and have them enable WinRM via GPO for the computers in question.
If they’re not already make sure that the computers are in separate OU and apply the policy only to that specific OU.
Quick question about my script. Do you think my script is written well? Just want to know if I have any bad habit in my code that I should look to avoid in the future.
For running this manually it looks perfectly fine to me.
However, there are things I would probably do differently for a number of reasons, some of style and others for ease of automating in the future.
Instead of writing to three different text-files, I would probably write all three to the same CSV-file. It will make it a lot easier to make a proper report to management if they wish to be informed of the status of the computers you’re monitoring.
I’d probably also write to a new CSV-file for each run of the script - I usually prefix the rundate to the filename for this kind of reports.
Write-Host works for script you run manually, but it only writes the output to the active console. I’d probably replace it with Write-Output (and possibly Write-Warning and Write-Error)
If you do you will have to remove the -ForegroundColor parameter as that’s not supported by the Write-Output cmdlet.
