PowerShell: PowerShell Remoting

On Windows Server® 2012, Windows PowerShell Remoting is enabled by default and please refer to the following steps that I used on my Windows 10 machine to connect to my client servers

If the Remote Server is running on Windows 2008 R2, the

Enable-PSRemoting -force

Since my machine is not part of thier AD Domain, and i will need to include the server hostname or IP Address to Trusted Host

#To check whether the WinRM service is started 
Get-Service | ? name -like "WinRM"
#if WinRM service is not started, you can manually start it using 
Start-Service WinRM
#To list the existing hosts added in the TrustedHosts and assign it to a variable
$curValue = (get-item wsman:\localhost\Client\TrustedHosts).value
#To include the existing hosts added, with the new hostname or IP Address that you want to connect to
set-item wsman:\localhost\Client\TrustedHosts -value "$curValue, ccbvem134"
#Display the Trusted Hosts Added
get-item wsman:\localhost\Client\TrustedHosts</p>
#To encrypt the password and store it in a file
"PASSWORD" | ConvertTo-SecureString -AsPlainText -Force |ConvertFrom-SecureString | Out-File "C:\temp\PASSWORD.txt"

$PasswordFile = "C:\temp\PASSWORD.txt"
$Cred=New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PAsswordFile | ConvertTo-SecureString)

#Connecting to Remote Host via Remote PowerShell
Enter-PSSession -ComputerName SERVERNAME -Credential $Cred

#When you are done, Enter "Exit" to existing the Remote PowerShell Session

If you try to open the PASSWORD.txt file, it will only show the encrypted string but not the actual password for security reasons


I will run the following startup script to configure the Time Zone, Disable Firewall, Enable Remote Desktop ,Configure “Always Pefer IPv4 over IPv6”  and change the computer name

#Startup Script 
tzutil /s "Singapore Standard Time" #Set Timezone to UTC+8
Write-Host "Setting the TimeZone to UTC+8"
Get-Date #To Display Current Date & Time 
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
Write-Host "Disabled Firewall"
set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0
Write-Host "Enabled Remote Desktop Connection"
New-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" -Name "DisabledComponents" -Value "0x20" -PropertyType DWord
Write-Host "Always Pefer IPv4 over IPv6 configured"

$Name = Read-Host -Prompt "Please Enter Computer Name" 
Rename-Computer -ComputerName $Name -Restart

You can use the following simple PowerShell Script to promote the new Server as First AD Domain Controller

Get-WindowsFeature AD-Domain-Services | Install-WindowsFeature
Set-ExecutionPolicy RemoteSigned 

Import-Module ADDSDeployment

Install-ADDSForest `
-DomainMode Win2012R2 `
-ForestMode Win2012R2 `
-DomainName ctcgsb.com `
-DomainNetbiosName ctcgsb `
#-InstallDns $true - It will install DNS Automatically 
#-SafeModeAdministratorPassword (Prompt for SafeModeAdministraorPassword)