PowerShell, WMI & Heterogeneous domains

I am still relatively new to PowerShell so I have to ask this broad question, of which I should know the answer but I do not, so sorry. My situation is this, I work in an environment where PS Remoting cannot and will not be allowed, so I am forced to get what ever systems info I can by resulting to WMI. I support two types of network topological designs. The first is a true domain, all the machines using the same FQDN. The second are also domains (Campuses) that are all different FQDN’s. I have to touch these machines (All) from a single workstation that resides on the first domain I described. Using WMI on the first domain has no issues, but I have to ask if PowerShell can be configured to pull information from the other heterogeneous domains? I will have little if any support from the different network domain admins, I guess between “Group Policy” and their own local restraints that they just refuse to help us out, cannot say as I blame the DoD offers it’s own set of IT challenges, salute!

I admit after a couple of years working with PowerShell and reading everything I can find (Especially from Mr. Jones and Mr. Hicks) that I should be able to answer my own question, but I am stuck, and I hope that you will forgive my lack of knowledge.

Ahh…the DoD I remember it fondly and all the goofy workarounds we had to come up with to do our jobs b/c of IA. Anyway, have you tried adding the -Credential param in Get-WMIObject?

Thank you for such a timely response. The DoD side is not the issue I can query those machines fine. It is the ones scattered across 5 states and 38 different .edu domains that I am trying to pull info from. Do you know if PowerShell is capable?

5 states and 38 domains? I find it hard to believe you wouldn’t be traversing a firewall or two. WMI doesn’t play nice with firewalls b/c it uses DCOM and a random port. WMI traffic is also not encrypted so there’s that. So unless you’re using some sort of encrypted tunneling protocol like VPN, RDP, or SSH, (or PSRemoting) to touch these networks you aren’t going to get very far with powershell.

Is your domain above (as in domain topology) the campuses domains ? are you all in the same forest ?
if the answer to either is no, do you know if there are any trust relations between the two domains/forests ?
(dont need to specify the level of trust)

Usually when dealing with cross domains / forests, there needs to be some sort of Trust relations between
them to allow users from one domain to access resources on the other domain. You’ll need to talk to those
sys admins to create an execution account on their domain
which you will have to use as the credentials for your WMI, if there’s at least a one-way Trust relation
between your domain and theirs.

Other option is that you write a PowerShell script and give it those sys admins to run as a scheduled task,
that collects the data periodically, exports it to a text file of some sort and relays that file through
other means to a centralized location where you go over them and extract the data you need.

I’m saving you from my 2 page long rant about “where PS Remoting cannot and will not be allowed” :slight_smile:

I appreciate all the reply’s, and reading through everyone’s comments I get a sense that I better find another solution. I reside on the DoD side, and consulting with the sysadmins of the “commercial” .edu domains is not an option. I d thank everyone for their time, I will push PowerShell to the best of my abilities on the domains that I can work with. I will use PS inside a one to one remote support session, maybe I can get PSRemoting enabled without anyone’s knowledge and just hope the GP does not shut it down, salute to all!