powershell远程
One of the best features PowerShell offers is the ability to remotely manage your Servers. It even lets you manage a bunch of them at once as well.
PowerShell提供的最佳功能之一是能够远程管理服务器。 它甚至可以让您同时管理一堆。
Be sure to read the previous articles in the series:
确保阅读本系列中的先前文章:
And stay tuned for the rest of the series all week.
并继续关注本系列的其余部分。
什么是远程处理? (What is Remoting?)
Bulk management of your servers can be tedious, and if you have had to make an IIS configuration change on 50 webservers before, you will know what I mean. These are the kinds of situations when PowerShell Remoting and the language’s scripting abilities can come to the rescue. Using HTTP or the more secure HTTPS, PowerShell Remoting allows you to send commands to a remote machine on you network. The machine then runs the commands and sends the output back to you, which is in turn displayed on your screen.
服务器的批量管理可能很繁琐,如果以前必须在50台Web服务器上进行IIS配置更改,您将了解我的意思。 这些情况可以解决PowerShell Remoting和语言的脚本编写功能的问题。 使用HTTP或更安全的HTTPS,PowerShell Remoting允许您将命令发送到网络上的远程计算机。 机器随后运行命令并将输出发送回给您,该输出又显示在屏幕上。
让我们获取技术 (Let’s Get Technical)
At the core of PowerShell Remoting lies a single Windows Service, the Windows Remote Management, or WinRM service, as it has come to be known. Using WinRM, you can set up one or more session configurations (also known as endpoints), which are basically files that contain information about the experience you want to provide to the person connecting to your remote PowerShell instance. More specifically, you can use session configuration files to define who can and who can’t connect to the instance, what cmdlets and scripts they can run, as well as what security context the session must be run under. Using the WinRM Service, you also set up “listeners”, which listen for incoming PowerShell requests. These “listeners” can either be HTTP or HTTPS and can be bound to a single IP address on your machine. When you open a PowerShell connection to another machine (technically this is done using the WS-MAN protocol, which is based on HTTP), the connection binds to one of these “listeners”. The “listeners” are then in charge of sending the traffic to the application associated with the appropriate session configuration file; the application (normally PowerShell but you can have other hosting applications if you want) then runs the command and feeds the results back through the “listener” across the network and back onto your machine.
众所周知,PowerShell Remoting的核心是单个Windows服务,Windows远程管理或WinRM服务。 使用WinRM,您可以设置一个或多个会话配置(也称为终结点),它们基本上是文件,其中包含有关要提供给与远程PowerShell实例连接的人员的体验的信息。 更具体地说,您可以使用会话配置文件来定义谁可以和谁不能连接到实例,可以运行哪些cmdlet和脚本以及必须在哪个安全上下文下运行会话。 使用WinRM服务,您还可以设置“侦听器”,侦听传入的PowerShell请求。 这些“侦听器”可以是HTTP或HTTPS,并且可以绑定到计算机上的单个IP地址。 当您打开与另一台计算机的PowerShell连接时(从技术上讲,这是使用基于HTTP的WS-MAN协议完成的),该连接将绑定到这些“侦听器”之一。 然后,“侦听器”负责将流量发送到与适当的会话配置文件关联的应用程序; 该应用程序(通常是PowerShell,但是如果需要,您可以具有其他托管应用程序)然后运行命令并将结果通过网络上的“侦听器”反馈回计算机上。
告诉我如何 (Show Me How)
The first thing you will need to do is enable Remoting on the Machine you want to connect to. This can be done by running the following:
您需要做的第一件事是在要连接的计算机上启用远程处理。 这可以通过运行以下命令来完成:
Enable-PSRemoting
启用PSRemoting
You will need to then answer yes to all the prompts. When you run Enable-PSRemoting, a few changes are made to your PC:
然后,您需要对所有提示回答“是”。 当您运行Enable-PSRemoting时,会对您的PC进行一些更改:
- The WinRM Service starts up. WinRM服务启动。
- The WinRM Service changes from Manual startup mode to Automatic. WinRM服务将从手动启动模式更改为自动。
- It creates an HTTP listener that is bound to all your network cards. 它创建一个绑定到所有网卡的HTTP侦听器。
- It also creates a inbound firewall exception for the WS-MAN protocol. 它还为WS-MAN协议创建入站防火墙例外。
- Some default session configurations are created 创建一些默认的会话配置
If you are running Windows 7 and your network card’s location is set to Public, enabling PowerShell Remoting will fail. To fix it, simply switch to the Home or Work network location. Alternatively, you can skip the network check using the following:
如果运行Windows 7,并且网卡的位置设置为“公共”,则启用PowerShell Remoting将会失败。 要解决此问题,只需切换到家庭或工作网络位置。 或者,您可以使用以下方法跳过网络检查:
Enable-PSRemoting –SkipNetworkProfileCheck
Enable-PSRemoting –SkipNetworkProfileCheck
However, we recommend you rather change your network location.
但是,我们建议您宁可更改网络位置。
There are two ways of connecting to another machine using PowerShell. There’s the one to one method, which is very similar to using SSH, and then there’s the one to many method.
有两种使用PowerShell连接到另一台计算机的方法。 有一对一的方法,与使用SSH非常相似,然后是一对多的方法。
使用PowerShell会话 (Using a PowerShell Session)
The first way of connecting to a remote machine using PowerShell is using something called a PowerShell Session. Simply put a session allows you to run commands on the remote machine in an interactive fashion much the same you would on your own machine. To open a session simply type the following:
使用PowerShell连接到远程计算机的第一种方法是使用称为PowerShell会话的东西。 只需放置一个会话,您就可以以交互方式在远程计算机上运行命令,就像在您自己的计算机上一样。 要打开会话,只需键入以下内容:
Enter-PSSession –ComputerName “Darlah”
Enter-PSSession –计算机名“ Darlah”
The prompt will gain a prefix which signifies the machine that you are running the cmdlets against.
提示符将获得一个前缀,表示正在运行cmdlet的计算机。
From here you can really treat the prompt as if you were sitting at the remote machine. For example, if you want to see all the files on the C:\ drive you can do a simple:
在这里,您可以真正地将提示视为就好像坐在远程计算机上一样。 例如,如果要查看C:\驱动器上的所有文件,可以执行以下简单操作:
Get-ChildItem –Path C:\
Get-ChildItem –路径C:\
If you come from a Linux background, you can think of using this one to one method of remoting as the PowerShell alternative to SSH.
如果您来自Linux背景,则可以考虑使用这种一对一远程处理方法作为SSH的PowerShell替代方法。
使用调用命令 (Using Invoke-Command)
The second way you can use PowerShell on a remote machine is by using Invoke-Command. The advantage to using Invoke-Command comes from the fact that you can execute the same command on multiple machines simultaneously. As you can imagine, this is particularly useful when you want to do something like gather event logs from your servers. Invoke-Command follows the following syntax:
在远程计算机上使用PowerShell的第二种方法是使用Invoke-Command。 使用Invoke-Command的优势在于您可以在多台计算机上同时执行同一命令。 可以想象,当您要执行诸如从服务器收集事件日志之类的操作时,此功能特别有用。 Invoke-Command遵循以下语法:
Invoke-Command -ComputerName Darlah,localhost -ScriptBlock {Get-EventLog Application -Newest 2}
调用命令-计算机名Darlah,本地主机-ScriptBlock {Get-EventLog应用程序-最新2}
Since the command is executed in parallel across all machines, you will need some way to see which PC a given result came from. You can do this by looking at the PSComputerName property.
由于该命令在所有计算机上并行执行,因此您将需要某种方式来查看给定结果来自哪台PC。 您可以通过查看PSComputerName属性来执行此操作。
When you use Invoke-Command, you no longer have the objects that you might expect in the Pipeline. You see, in order for PowerShell to get the information from the remote machine back to your machine, they need some way of representing the objects that the command you ran on the remote machine outputs. These days it seems the chosen way to represent a hierarchical data structure is to use XML, which means when you issue a command using Invoke-Command, the results are first serialized into XML before being sent back to your machine. Once they get back to your machine, they are deserialized back into an object; the gotcha here is that when they are deserialized, all methods, except the ToString() method, that the object had are stripped away from it.
当您使用Invoke-Command时,您将不再在管道中拥有期望的对象。 您会看到,为了使PowerShell将信息从远程计算机获取回您的计算机,他们需要某种方式来表示您在远程计算机上运行的命令输出的对象。 如今,似乎代表分层数据结构的一种选择方式是使用XML,这意味着当您使用Invoke-Command发出命令时,结果首先被序列化为XML,然后再发送回计算机。 一旦回到您的计算机,它们就会反序列化为一个对象。 这里的陷阱是,当对它们进行反序列化时,该对象拥有的所有方法(除ToString()方法外)都将被剥离。
Note: There are some exceptions to this rule, for example most primitive types like integers can be deserialized with its methods included. There is also a process called Rehydration where some methods can be added back to deserialized objects. So just be careful and remember Get-Member is your friend.
注意:此规则有一些例外,例如,可以使用包含其方法的方法对大多数原始类型(例如整数)进行反序列化。 还有一个称为“补水”的过程,可以在其中将某些方法添加回反序列化的对象。 因此,请小心并记住Get-Member是您的朋友。
家庭作业 (Homework)
翻译自: https://www.howtogeek.com/138624/geek-school-learn-to-use-remoting-in-powershell/
powershell远程