Mastering Azure with Cloud Shell

There are multiple ways to interact with and manage resources in Microsoft Azure. You can use the Azure Portal or command line tools like the Azure PowerShell module or the Azure CLI, which you can install on your local machine. However, setting up a cloud management workstation for administrators and developers can be quite a lot of work. Especially if you have multiple computers, keeping these machines consistent can be challenging. Another challenge is keeping the environment secure and all the tools up to date. Cloud Shell addresses this and many more things.

Cloud Shell is not brand new; Microsoft announced Cloud Shell at Build 2017. This blog post is about how you can master Azure with Cloud Shell, and it gives you an overview of the possibilities of Cloud Shell.

What is Cloud Shell

Cloud Shell offers a browser-accessible, pre-configured shell experience for managing Azure resources without the overhead of installing, versioning, and maintaining a machine yourself. Azure Cloud Shell is assigned per unique user account and automatically authenticated with each session. This makes it a private and secure environment.

You get a modern web-based command line experience which can be accessed from several endpoints like the Azure Portal, shell.azure.com and the Azure mobile app, Visual Studio Code or directly in the Azure docs.

In the backend, Azure uses containers and automatically attaches an Azure File Share to the container. You can store your data on it, so it persists across different Cloud Shell sessions.

You can choose your preferred shell experience. Cloud Shell supports Bash and PowerShell and includes your favorite third-party tools as well as standard tools and languages. If something like a module is missing, you can add it.



How to deploy Nano Server in Azure

In another post I have written about how you can deploy a Nano Server on-premises using PowerShell or the Nano Server Image Builder. In this post I will quickly show you how you can set up a new Nano Server in Microsoft Azure.

To deploy Nano Server in Azure, Microsoft offers you a Nano Server Image in the Marketplace.

Using the Azure Portal to deploy Nano Server on Microsoft Azure

There are several ways you can deploy Nano Server, for example using the Azure Portal or PowerShell. First, this post will show you how you can create a Nano Server Virtual Machine using the Azure Portal.

Simply follow the steps to create a new Azure Virtual Machine.

The most important part is to configure the Network Security Groups to allow PowerShell Remoting, since Nano Server does not support RDP. There are two options to do this: WinRM over HTTP (5985) or WinRM over HTTPS (5986). To be honest, in production you should only use HTTPS, but for some demos, or if you are configuring Nano Server to be used over a VPN, you can also use WinRM over HTTP. I also recommend that you remove the RDP port rule, since it is not really necessary. If the WinRM rule in the network security group is not already there, just create it. For an easy setup you can use 5985; if you want to use SSL, you will require additional steps.
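
As an added example (not from the original post), the NSG changes described above can be scripted with the AzureRM module the post uses later. It follows the production recommendation (HTTPS only, no RDP); the NSG name, rule name, priority and admin source address are placeholders.

```powershell
# Added example: names, priority and the admin address below are placeholders.
$ResourceGroup = 'NanoServerAzurePS'   # resource group name used later on this page
$NsgName       = 'tm01-nanops-nsg'     # hypothetical NSG name
$AdminSource   = '203.0.113.10/32'     # constructed documentation address; use your own egress IP

$nsg = Get-AzureRmNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Name $NsgName

# Find inbound allow rules for RDP (3389) or WinRM over HTTP (5985).
# This matches single-port rules only, not ranges or '*'.
$risky = @($nsg.SecurityRules | Where-Object {
    $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
    ($_.DestinationPortRange -contains '3389' -or $_.DestinationPortRange -contains '5985')
})
$risky | Select-Object Name, Priority, SourceAddressPrefix, DestinationPortRange | Format-Table

# Remove them: Nano Server has no RDP, and 5985 is WinRM without TLS.
foreach ($rule in $risky) {
    $nsg = Remove-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $rule.Name
}

# Allow WinRM over HTTPS (5986) from the admin address only.
if (-not ($nsg.SecurityRules | Where-Object Name -eq 'Allow-WinRM-HTTPS')) {
    $nsg = Add-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg `
        -Name 'Allow-WinRM-HTTPS' -Description 'WinRM over HTTPS from admin workstation' `
        -Access Allow -Protocol Tcp -Direction Inbound -Priority 1000 `
        -SourceAddressPrefix $AdminSource -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange '5986'
}

# Nothing changes in Azure until the modified object is written back.
Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg | Out-Null
```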

Follow the rest of the wizard to deploy the new Nano Server VM. After the VM is created you will see it in the Azure Portal. You can now use the IP address to connect to the virtual machine using PowerShell Remoting. If you don’t have a VPN connection to the Azure VM network, you will need to use the public IP address; if you are connected through a VPN or from another machine running in the same VM network, you can use the internal IP address. In my demo case I am using the public IP address to connect to the virtual machine. To make it easier I also created a public DNS name for this Azure IP address.

To connect to your Nano Server you also have to set up PowerShell Remoting on your machine and add the host to your trusted hosts list.

# Start the WinRM Service
Start-Service WinRM

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "servername or IP"

You can now connect to your Nano Server running in Azure.

Enter-PSSession -ComputerName tomsnano02.westeurope.cloudapp.azure.com -Credential ~\ThomasMaurer

Using the Azure PowerShell module to deploy Nano Server on Microsoft Azure

First you have to install the Azure PowerShell Module and get the NanoServerAzureHelper PowerShell Module (NanoServerAzureHelper_20160927), which will help you with the setup.

Time to fire up PowerShell and log in to Azure:

Login-AzureRmAccount

First create a new Azure Resource Group and a Key Vault if you don’t have them already available. The Key Vault will help you with the SSL configuration for your PowerShell Remoting.

New-AzureRmResourceGroup -Name "NanoServerAzurePS" -Location "West Europe"
New-AzureRmKeyVault -VaultName "NanoServerAzurePSVault" -ResourceGroupName "NanoServerAzurePS" -Location "West Europe" -EnabledForDeployment

Import the NanoServerAzureHelper PowerShell module which you have downloaded before.

Import-Module .\PowerShell\NanoServerAzureHelper_20160927\NanoServerAzureHelper.psm1 -Verbose

This will give you some new PowerShell cmdlets to deploy Nano Server quickly on Azure.

The most important cmdlet for creating new Nano Server VMs in Azure is New-NanoServerAzureVM.

Create a new Nano Server VM in Azure using the following PowerShell command:

New-NanoServerAzureVM -Location "West Europe" -VMName "tm01-nanops" -AdminUsername "ThomasMaurer" -VaultName "NanoServerAzurePSVault" -ResourceGroupName "NanoServerAzurePS" -Verbose

To connect, you can get the public IP address for the system you deployed and connect to it:

Get-AzureRmPublicIpAddress -ResourceGroupName "NanoServerAzurePS"
Enter-PSSession -ConnectionUri "https://tm01-nanops.westeurope.cloudapp.azure.com:5986/WSMAN" -Credential "~\ThomasMaurer"

Using PowerShell Package Management to Install Roles and Features on Nano Server

Since Nano Server does not include any roles by default, you can now use PowerShell Package Management to install Nano Server packages on your Azure Virtual Machine.

If you want to know more about PowerShell Package Management on Nano Server, check out my blog post. If you want to know more about Nano Server in general check this post here: Nano Server – The future of Windows Server – Just enough OS


Using SSH with PowerShell

Microsoft announced that they will support SSH using PowerShell in Windows 10. Until Microsoft has a good solution for this, there is a third-party solution called Posh-SSH. To use SSH in PowerShell, you first have to install the Posh-SSH PowerShell module from the PowerShell Gallery. Make sure you are running Windows 10 or have the Windows Management Framework 5 installed.

If you want to use SSH with PowerShell 6, you can read my blog post here: Using SSH with PowerShell 6

You can now find the Posh-SSH Module and install it:

Install-Module Posh-SSH

You now have several PowerShell SSH cmdlets available:

Now you can create a new SSH session using the following cmdlet (password-based authentication):

New-SSHSession -ComputerName "thomasmaurer.azure.cloudapp.net" -Credential (Get-Credential)

You can now simply run commands against this session or use SCP to copy files.

Invoke-SSHCommand -Index 0 -Command "uname"

I hope this helps you use SSH with PowerShell. If you have any questions, please write them in the comments. Also check out my other blog posts and see how SSH is integrated in Windows 10.



How to Remote Manage your Nano Server using PowerShell

In a blog post some days ago I wrote about how you can create your Nano Server image and boot it inside a virtual machine. If you are familiar with Nano Server, you know that Nano Server is a headless server, so you can’t really log in to this server. The only thing you can log in to is the Nano Server Recovery Console. In the Nano Server Recovery Console you can only view some information about the server, such as name or IP address, restart the server, and reset the network configuration. You don’t get any access to a shell or file system.

If you want to manage your Nano Server right now you can use the old MMC tools for Remote Management or PowerShell. PowerShell will be the key here to do simple management tasks. For this you can use PowerShell Remoting or if you run your Nano Server in a Virtual Machine you can also use PowerShell Direct.

For PowerShell Remoting you first have to configure your source system, if you haven’t already done this. (Some parts may not be needed if your local machine is in the same Active Directory domain as your Nano Server.)

You may need to start the WinRM service on your desktop to enable remote connections. From the PS console type the following command:

# Start the WinRM Service
net start WinRM

From the PS console, type the following, substituting servername or IP with the appropriate value (using your machine-name is the easiest to use, but if your device is not uniquely named on your network, try the IP address):

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "servername or IP"

If you want to connect to multiple devices, you can use commas to separate the devices inside the quotation marks.

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "servername or IP, servername or IP"

You can also set it to allow it to connect to every server using the following command:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*"
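
Set-Item with -Value replaces the whole TrustedHosts list each time, and a host on that list is not authenticated by the client. The following added example (not part of the original post) appends single entries, refuses wildcards, and removes an entry again once it is no longer needed. The function names and the sample host names are hypothetical.

```powershell
# Added example. Get-TrustedHostList, Add-TrustedHost and Remove-TrustedHost are
# hypothetical helper names, not built-in cmdlets. Run from an elevated console.
$TrustedHostsPath = 'WSMan:\localhost\Client\TrustedHosts'

function Get-TrustedHostList {
    # Return the current entries, trimmed, without empty items.
    $value = (Get-Item $TrustedHostsPath).Value
    $value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Add-TrustedHost {
    param([Parameter(Mandatory)] [string[]] $Name)
    $current = @(Get-TrustedHostList)
    if ($current -contains '*') {
        Write-Warning 'TrustedHosts is "*": every host is already trusted. Nothing added.'
        return
    }
    foreach ($entry in $Name) {
        if ($entry -match '\*') { throw "Refusing wildcard entry '$entry'." }
        if ($current -contains $entry) { continue }   # -contains is case-insensitive
        # -Concatenate appends to the existing list instead of replacing it.
        Set-Item $TrustedHostsPath -Value $entry -Concatenate -Force
    }
    Get-TrustedHostList
}

function Remove-TrustedHost {
    param([Parameter(Mandatory)] [string] $Name)
    $remaining = @(Get-TrustedHostList | Where-Object { $_ -ne $Name })
    # An empty string clears the list when no entries remain.
    Set-Item $TrustedHostsPath -Value ($remaining -join ',') -Force
    Get-TrustedHostList
}

# Constructed sample names
Add-TrustedHost -Name 'nano01', '192.168.100.11'
Remove-TrustedHost -Name 'nano01'
```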

Now you can start a session with your Nano Server. From your administrator PS console, type:

Enter-PSSession -ComputerName "servername or IP" -Credential servername\Administrator

As mentioned before, if you have installed your Nano Server in a Virtual Machine running on a Hyper-V host you can use PowerShell Direct to directly connect from your local Hyper-V host to your Nano Server VM.

Enter-PSSession -VMName "VMName" -Credential servername\Administrator


Hyper-V PowerShell Direct

One of the new features of Hyper-V in Windows Server 2016 and Windows 10 is called PowerShell Direct. PowerShell Direct lets you remotely connect to a Virtual Machine running on a Hyper-V host, without any network connection inside the Virtual Machine. PowerShell Direct uses the Hyper-V VMBus to connect inside the Virtual Machine. This feature is really handy if you need it for automation and configuration for Virtual Machines or if you for example messed up network configuration inside the virtual machine and you don’t have console access.

Right now there are two ways to use PowerShell Direct:

  • Create and exit a PowerShell Direct session using PSSession cmdlets
  • Run script or command with the Invoke-Command cmdlet
  • Use the PowerShell Direct session to copy files using the copy-item cmdlet

Requirements:

  • The virtual machine must be running locally on the Hyper-V host and must be started.
  • You must be logged into the host computer as a Hyper-V administrator.
  • You must supply valid user credentials for the virtual machine.
  • The host operating system must run Windows 10, Windows Server 2016, or a higher version.
  • The virtual machine must run Windows 10, Windows Server 2016, or a higher version.

PowerShell Direct examples

You can open a new interactive PowerShell Direct Session:

Enter-PSSession -VMName "VM01" -Credential (Get-Credential)

You can use Invoke-Command to send script blocks to your Hyper-V Virtual Machines.

Invoke-Command -VMName "VM01" -Credential (Get-Credential) -ScriptBlock { Get-Process }

You can also create a PowerShell Direct session and use the Copy-Item -ToSession cmdlet to copy files to or from the VM.

$s = New-PSSession -VMName "VM01" -Credential (Get-Credential)
Copy-Item C:\Files C:\Targetfiles -ToSession $s

Remember, this is not the same as PowerShell Remoting, even if it uses the same cmdlets. As a result, not everything works using PowerShell Direct; for some scenarios PowerShell Remoting works differently. If you want to do this with Linux virtual machines, there is a tool called hvc.exe, which allows you to do the same.

If you want to know more about PowerShell Direct, check out the Microsoft Docs pages.



How to connect to Windows 10 IoT Core via PowerShell

After you have done the setup of your Raspberry Pi 2 with Windows 10 IoT Core, you can now connect to the device via PowerShell.

Connect to the Windows 10 IoT device using PowerShell

First open up PowerShell and configure PowerShell Remoting to allow your PC to remotely connect to your Raspberry Pi 2. You can use the name of your Raspberry Pi, which is “minwinpc” by default, or you can use the IP address. You can also use the Windows 10 IoT Core Watcher, which helps you find your devices on the network.

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "machine-name or IP Address"

You can now open a new PowerShell Remote session by using the following command:

Enter-PSSession -ComputerName "machine-name or IP Address" -Credential "machine-name or IP Address or localhost\Administrator"

This will prompt you for credentials. The default password of your Pi is “[email protected]

You can also store the credentials inside a variable, so you do not have to enter them all the time:

$Cred = Get-Credential
Enter-PSSession -ComputerName "machine-name or IP Address" -Credential $Cred

Creating the connection can take up to 30 seconds. After that you will see the remote session.

Using PowerShell on your Windows 10 IoT Core device

You can now use PowerShell to do some stuff on your Raspberry Pi with Windows 10 IoT Core. Some PowerShell commands are not built into Windows 10 IoT Core, but you can use some command line utilities.

Get all running processes:

Get-Process

Get network adapter configuration:

Get-NetAdapter

List the directories:

gci

Rename your computer:

After renaming your device, you have to reconnect and may have to change your credentials.

setcomputername "newcomputername"

Change the password of your administrator:

net user Administrator "newpassword"

Shut down your device:

shutdown /s /t 0

Reboot your device:

shutdown /r /t 0

Close your remote session:

Exit-PSSession

I hope this helps you to manage your Windows 10 IoT Core device via PowerShell.



Automated Active Directory Deployment with PowerShell

For a small presentation at KTSI I created a PowerShell script which automatically deploys Active Directory servers, adds other member servers, creates Organizational Units and adds users via PowerShell Remoting. As source there is an XML configuration file and CSV files for user data.

This script is just for Lab deployments not for production, and it is not perfect, but I think maybe some people will enhance this script with their own code.

I do not support this script. It is just something I need to deploy my test environments and nothing more. More it shows different

You can find more information about how it works in this document.

XML Config file:

<?xml version="1.0" encoding="utf-8"?>
<lab>
<config>
<servers>
<server name="ADS01" ip="192.168.100.11" id="1" adminpw="passw0rd"/>
<server name="ADS02" ip="192.168.100.12" id="2" adminpw="passw0rd"/>
</servers>
<ad>
<domain name="ktsi.local" netbiosname="ktsi" forestlevel="4" domainlevel="4" safemodepw="passw0rd" />
</ad>
<ous>
<ou name="UserAccounts" path="DC=KTSI,DC=LOCAL" />
<ou name="BASEL" path="OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="CHICAGO" path="OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="NEWYORK" path="OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="SALES" path="OU=BASEL,OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="IT" path="OU=BASEL,OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="ADMINISTRATION" path="OU=BASEL,OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="PRODUCTION" path="OU=BASEL,OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="SALES" path="OU=CHICAGO,OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="IT" path="OU=CHICAGO,OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="ADMINISTRATION" path="OU=CHICAGO,OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="PRODUCTION" path="OU=CHICAGO,OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="SALES" path="OU=NEWYORK,OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="IT" path="OU=NEWYORK,OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="ADMINISTRATION" path="OU=NEWYORK,OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
<ou name="PRODUCTION" path="OU=NEWYORK,OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
</ous>
<users>
<file name="users.csv" path="OU=ADMINISTRATION,OU=BASEL,OU=USERACCOUNTS,DC=KTSI,DC=LOCAL" />
</users>
<members>
<member name="PC101" ip="192.168.100.21" />
<member name="PC101" ip="192.168.100.22" />
<member name="PC101" ip="192.168.100.23" />
</members>
</config>
</lab>

The PowerShell Script: