I understand that if I wanted to enter into a remote session with a target computer, port 5985 (for WS-Management) is the default. This will enable me to run commands like “Enter-PSSession” or “invoke-command”. But what if I simply wanted to execute a command from the source machine like “get-service -ComputerName TargetMachineName”, does that use the same TCP port 5985? In other words, do PowerShell cmdlets that have built-in remoting (à la the -ComputerName parameter) use port 5985? If not, what port(s) are being used?
5985 (and 5986 for HTTPS) are the WS-Man ports used by PowerShell Remoting and the newer CIM cmdlets. Most other cmdlets that offer their own built-in remoting capabilities are going to be using older protocols such as RPC. These are much less firewall-friendly; there are several ports you need to open, including a dynamic range (though you can control this range and narrow it down by using some registry keys on the target system).
Here are some of the common ports you might need to open for those older commands to work:
137 UDP, 138 UDP, and 139 TCP (NetBIOS stuff)
135 TCP (RPC Endpoint Mapper)
445 TCP (SMB)
5355 UDP (Link-Local Multicast Name Resolution)
Dynamic RPC range. See http://support.microsoft.com/kb/154596 for a description of how to configure this range from its very large default.
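To confirm what a firewall between the two machines actually permits, the following added example (not part of the original answer) probes the fixed TCP ports listed above and reports which remoting transport is reachable. The function name `Test-RemotingPort` is hypothetical, `TargetMachineName` is the placeholder from the question, and Windows PowerShell 5.1 is assumed.

```powershell
# Added example: report which of the TCP ports named in the answer are reachable
# on a host you manage, so you can tell whether WS-Man or only the legacy
# RPC/SMB path is open. Test-RemotingPort is a hypothetical helper name.
function Test-RemotingPort {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$TimeoutMs = 2000
    )
    # The UDP ports (137, 138, 5355) and the dynamic RPC range are omitted:
    # a TCP connect cannot verify them.
    $ports = @(
        @{ Port = 5985; Purpose = 'WS-Man HTTP (PowerShell Remoting, CIM cmdlets)' }
        @{ Port = 5986; Purpose = 'WS-Man HTTPS' }
        @{ Port = 135;  Purpose = 'RPC Endpoint Mapper' }
        @{ Port = 139;  Purpose = 'NetBIOS session' }
        @{ Port = 445;  Purpose = 'SMB' }
    )
    foreach ($entry in $ports) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Asynchronous connect so a silently dropped packet does not hang the check.
            $async = $client.BeginConnect($ComputerName, $entry.Port, $null, $null)
            $open  = $async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
        } catch {
            $open = $false   # name resolution failure or refused connection
        } finally {
            $client.Close()
        }
        [pscustomobject]@{
            ComputerName = $ComputerName
            Port         = $entry.Port
            Purpose      = $entry.Purpose
            Reachable    = $open
        }
    }
}

# Usage with the placeholder host name from the question:
#   Test-RemotingPort -ComputerName TargetMachineName | Format-Table -AutoSize
#
# If only 5985/5986 are reachable, run the query over WS-Man instead of the
# cmdlet's own -ComputerName parameter:
#   Invoke-Command -ComputerName TargetMachineName -ScriptBlock { Get-Service }
```

A reachable port 135 alone is not enough for the older cmdlets, because the endpoint mapper then hands the client a port from the dynamic RPC range, which must also be allowed.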