Remoting
PowerShell remoting is an important topic, as many customers still think that it is unsecure. The complete opposite is actually the case, as will be explained throughout this topic. Unfortunately, many customers use other remoting capabilities instead, such as:
- Remote Desktop Protocol (RDP)/MSTSC
- PSEXEC
- SMB file share access/SMBv1
- Remote WMI access over RPC using clear text by default and random ports
- Remote event log management
- Remote service management
Note
Further information can be found here: https://blogs.technet.microsoft.com/ashleymcglone/2016/06/29/whos-afraid-of-powershell-security/.
In addition to our complete lack of understanding, there are still many companies out there that don't even enable or configure a firewall correctly on the endpoints, and these are just the basics.
PowerShell Core supports remoting via WMI, WS-Management, and SSH. (RPC is no longer supported.) Remoting with Windows PowerShell will by default use WinRM (Windows Remote Management).
Note
When you use the...