PS Remoting not available - best Options or suggestions on effectively work

General question - looking for some general guidance to become more effective with this limitation - perhaps by people in a similar situation

PS Remoting is not available - looking for best Options or suggestions on effectively working around this where possible.

One common pain point is gathering remote event logs for troubleshooting - running these queries remotely massively blows out the time the filtering takes to complete and return the results. If a remote computer is busy (No RDP Option) and you need the logs and have to resort to remote querying - is there anything you can suggest to help. I tried to use PSEXEC to launch and run the query from a saved script copied onto the remote machine to get powershell to run locally and then copy the .csv results back afterwards - appreciate any better suggestions - thanks

Use Get-WinEvent, it doesn’t use PowerShell remoting

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-eventlog?view=powershell-5.1

I’m possibly not being clear - to gather and filter all the event logs on a remote machine - it is advisable to run the powershell command locally or via a PSSession to have all the filtering done locally? If I don’t have WSMAN access to use powershell remoting, and can’t log into the remote machine via RDP, running get-winevent -computername xxxxx from my ‘management’ workstation is still going to take a much longer time than if I could run this from the machine where the logs reside?

Just trying to get some ideas around what, if any possible solutions there may be to assist here

 

Try Get-WinEvent, it has builtin Filter capability which will run on target system and doesn’t uses WSMAN and uses EventLog service on the target system.

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.diagnostics/get-winevent?view=powershell-5.1

I have found Get-WinEvent to perform almost as well on a remote system as local. You definitely want to use a FilterHashTable. It provided me with a very significant performance gain. I should note that in my audit script, I am not gathering ALL event logs as you suggest, only Application, System and Security logs.