Geek School: Learning Windows 7 - Remote Administration
Remote Machine Administration with Windows Tools
This installment of Geek School focuses on methods for remotely managing computers. We will explore the capabilities of Remote Assistance, Remote Desktop, Windows Remote Management (WinRM), and PowerShell for this purpose.
Previous Geek School Articles
Ensure you have reviewed the preceding articles in this Windows 7-focused Geek School series to build a comprehensive understanding.
- Introducing How-To Geek School: An overview of the series' objectives.
- Upgrades and Migrations: Details on system upgrades and data migration processes.
- Configuring Devices: Guidance on configuring various hardware and software components.
- Managing Disks: Techniques for disk partitioning, formatting, and maintenance.
- Managing Applications: Methods for installing, configuring, and removing software applications.
- Managing Internet Explorer: Optimizing and securing the Internet Explorer web browser.
- IP Addressing Fundamentals: A foundational understanding of IP addressing schemes.
- Networking: Core networking concepts and configurations.
- Wireless Networking: Setting up and troubleshooting wireless network connections.
- Windows Firewall: Configuring and managing the Windows Firewall for enhanced security.
Further articles in this series will be published throughout the week, providing continued insights into Windows 7 administration.
These tools – Remote Assistance, Remote Desktop, WinRM, and PowerShell – each offer unique approaches to remote administration, catering to different needs and scenarios.
Remote Assistance Capabilities
Initially introduced with Windows XP, the remote assistance feature has largely remained consistent in its functionality, excluding the discontinuation of voice chat. This tool facilitates simultaneous access to a single machine by two users: the individual requiring support, known as the host, and the person providing assistance, referred to as the helper. The core concept revolves around establishing a virtual helpdesk environment.
To initiate a support session, a user must extend an invitation to a helper. There are several methods for generating this invitation:
- A file can be saved to a shared network location when both the host and helper are on the same network.
- An email invitation can be dispatched if the users are not on the same network.
- Easy Connect can be utilized if the network infrastructure supports IPv6, though this is currently uncommon.
The host retains ultimate control throughout the session. They determine whether the helper can manipulate the mouse and keyboard, and possess the ability to terminate the connection at any time if they feel uneasy with the helper’s actions.
Activating Remote Assistance
To enable Remote Assistance, access the Start Menu and right-click on "Computer," then select "Properties" from the displayed menu.
Upon opening the System Information dialog, click the "Remote settings" link situated on the left-hand side.
Within this section, check the box to permit Remote Assistance connections to your computer.
Selecting the "Advanced" button allows customization of settings, such as controlling whether the helper can assume control of the mouse and keyboard, and defining the validity period for generated invitations.
Utilizing Remote Assistance
To request assistance, an invitation must first be created. Open the Start Menu, expand the "Maintenance" section, and choose "Windows Remote Assistance."
Then, select the option to invite a trusted individual to provide support.
For this example, the invitation will be saved as a file, but any preferred method can be used.
A shared documents library is utilized to save the invitation, as another PC is accessible on the network.
Upon saving the invitation, a password is generated. This password is crucial, as the helper will require it to establish a connection to the host’s PC.
Switching to a Windows 8 machine allows for a clear demonstration of the connection process, avoiding confusion regarding the active PC. The invitation file is simply double-clicked.
The password, previously provided by the host, is entered, and the "OK" button is clicked.
The host is then prompted to authorize the connection attempt. Confirmation is granted by clicking "Yes," assuming the connecting user is recognized.
The connection is now established. The helper can view the host’s screen in real-time. If the host has granted control, a "Request Control" button will be visible, allowing the helper to request permission to manipulate the host’s system. A chat feature is also available for communication.
Remote Desktop Functionality
Unlike Remote Assistance, which is designed for two-user interactions, Remote Desktop caters to single-user access. A key distinction lies in session locking; when a Remote Desktop connection is established, the remote computer is secured, preventing unauthorized viewing by others.
This feature primarily enhances productivity. For instance, if a document was left unedited at the office, Remote Desktop allows access from home, replicating the experience of working directly at the desk.
It’s a remarkably useful tool – I personally utilize it daily to manage servers lacking physical monitors, keyboards, or mice. These servers operate solely with power and network connections.
Activating Remote Desktop
To activate Remote Desktop, begin by opening the Start Menu. Subsequently, right-click on “Computer” and select “Properties” from the displayed menu.
Within the System Information window, navigate to and click the “Remote settings” link situated on the left-hand side.
You will then encounter options for enabling Remote Desktop connections. Two choices are available:
- Permitting connections from any device supporting the Remote Desktop Protocol. While convenient, this approach is less secure and allows access from non-Windows devices like iOS or Linux systems.
- Restricting connections to machines running Windows 7 or later, which utilize RDP with Network Level Authentication.
Given my environment consists solely of Windows 7 and newer machines, the more secure option is preferable.
Connecting via Remote Desktop
Once Remote Desktop is enabled on a computer, establishing a connection is straightforward. Access the Start Menu, expand “Accessories,” and then select “Remote Desktop Connection.”
Enter the target machine’s name or IP address and click “Connect.”
You will be prompted to provide credentials. It’s important to remember that these credentials must belong to a user account on the remote machine, not the one initiating the connection.
Upon successful authentication, you’ll experience the remote machine’s desktop as if you were physically present.
A noticeable effect of using RDP is the reduction in visual fidelity. If you are connected via a LAN with Gigabit Ethernet, consider adjusting these settings.
Before connecting, click the “Options” dropdown menu.
Switch to the “Experience” tab. Here, you can select a connection speed that optimizes settings for your network.
WinRM
It's important to acknowledge that while WinRM serves as a capable management solution, it has largely been surpassed by the more advanced capabilities of PowerShell Remoting.
Windows Remote Management is a protocol designed for command-line based system administration. A key advantage of WinRM lies in its foundation on the widely accepted HTTP protocol. This allows it to traverse many corporate firewalls without requiring the opening of specific ports. WinRM isn’t activated by default on Windows 7, necessitating manual enablement on target workstations and servers.
To activate WinRM, launch an elevated command prompt and execute the following command:
winrm quickconfig
Enabling WinRM results in several system modifications:
- The Windows Remote Management service is configured to start automatically with a delay.
- HTTP listeners are established on all locally assigned IP addresses.
- A firewall exception is automatically created to allow WinRM traffic.
These steps complete the basic setup for utilizing WinRM on your computer.
Establishing a Connection to a WinRM-Enabled Computer
Before connecting to a computer via WinRM, you must first add it to your list of trusted hosts. This is achieved using the following command:
Please remember to replace the IP address in the command below with the actual IP address of the machine you intend to connect to.
winrm set winrm/config/client @{TrustedHosts=”192.168.174.130”}
After adding the machine to your TrustedHosts list, you can initiate a connection and execute commands remotely. This is accomplished through the Windows Remote Shell (WinRS) command.
winrs –r:192.168.174.130 –u:Taylor –p:Pa$$w0rd netstat
Ensure you substitute the following values:
- 192.168.174.130 should be replaced with the IP address of the WinRM-enabled machine.
- Taylor represents the username of a local administrator account on the remote machine.
- Pa$$w0rd is the password associated with the specified user account.
- netstat is the command you wish to execute on the remote system. For instance, to view listening ports, utilize the 'netstat' command.
These adjustments allow for remote command execution via WinRM.
PowerShell Remoting
As previously noted, PowerShell’s Remoting functionality leverages WinRM as its foundation. Let's clarify the distinctions between this feature and older shell technologies.
Object Orientation is a core element of PowerShell’s capabilities.
A key aspect of PowerShell’s strength lies in its Object Orientation. This programming paradigm, often abbreviated as OOP, promotes code reusability. It achieves this through the creation of complex data structures built from basic types like numbers and strings, as well as other structures. These complex structures are known as objects.
Essentially, an object is a digital representation of an entity. Objects possess properties that define their characteristics, and methods that dictate their actions. Consider, for instance, an object named Person. This Person object might include:
- A property indicating the person’s eye color.
- A property specifying the person’s hair color.
- A method called sleep, representing the action of sleeping.
- A method called walk, representing the action of walking.
OOP encompasses much more than this, but this definition will suffice for our purposes. Because everything within PowerShell is treated as an object, data manipulation becomes significantly easier. For example, the Get-Service cmdlet retrieves information about services running on the local system. To determine the type of object it returns, simply pipe its output to Get-Member:
Get-Service | Get-Member
The output reveals a type of object called a ServiceController. You can also observe the Methods and Properties supported by these ServiceController objects. With this information, it becomes clear that a service can be stopped by invoking the Kill method on the object representing that service.
Remote Execution
Having configured WinRM, our Windows 7 machine is now equipped for remote control via PowerShell. The Invoke-Command cmdlet is used to execute PowerShell cmdlets on a remote machine:
Invoke-Command WIN-H7INVSHKC7T {get-service}
This completes the process.
Should you have any inquiries, feel free to reach out on Twitter @taybgibb, or simply post a comment.
Related Posts
Touchscreen on Windows PC: Do You Need It?
Find Lost Windows or Office Product Keys - Easy Guide
Windows 10 Setup: Express vs. Custom - What's the Difference?
Manage Accessibility Features in Windows 10 - A Comprehensive Guide
Windows 10 Start Menu: A Comprehensive Guide
