PowerShell

Overview

PowerShell Remoting is a built-in feature in Windows hosts that allows administrators to connect to remote hosts to execute scripts and PowerShell commands. Administrators need to enable PowerShell Remoting on the target machine for smooth communication. It is a powerful tool for efficiently and securely managing remote systems.
  • In this mode, a PowerShell remoting session is created between the Windows agent machine and the configured device. The PowerShell scripts for the different operations are executed within that session.
  • This is the most modern and recommended mode of communication for performing the different tasks.
  • For more information on the prerequisites for PowerShell mode, refer
* Allow log on locally is required if different accounts are used on the Windows agent and the target machine. The account used on the target machine must be assigned the Allow log on locally right.

Recommended usage

  • This is the recommended mode because it is the most modern and supports all use cases without any specific restrictions.
  • WinRM is a more modern protocol used by many organizations.
  • Port 5985 is used by WinRM and WinRM v2.
  • All WinRM data is encrypted using "Integrated Windows Authentication", preferably configured for Kerberos authentication on the host machine.
  • Essentially, WinRM is an HTTP-based API; because WinRM is XML-based, the data it returns is in XML format rather than as objects.
  • It is comparatively faster than WMI and Native mode.

Permissions and Port Requirements

The table below summarizes the permission and port requirements in PowerShell mode:

Requirement        | AppViewX Windows Gateway                              | Target Server
-------------------+-------------------------------------------------------+-------------------------------------------------------
User account type  | Service account with local admin                      | Service account with local admin
Services           | RPC Service                                           | RPC Service
                   | WinRM Service                                         | WinRM Service
                   | WinRM Configuration                                   | WinRM Configuration
                   | PowerShell remoting                                   | PowerShell remoting
                   | certutil.exe command availability                     | certutil.exe command availability
Ports              | 8999 (customisable)                                   | 5985 (HTTP) or 5986 (HTTPS) - WSMAN
                   | 5985 (HTTP) or 5986 (HTTPS) - WSMAN                   | 445 - SMB (needed only in case of push functionality)
                   | 445 - SMB (needed only in case of push functionality) |

Prerequisites for PowerShell Mode

To ensure successful management of Windows servers in PowerShell mode, the following prerequisites must be met:

Local Administrator Account on Target Machines

The account used for onboarding the device must be a member of the Local Administrators Group on the target machine. Administrative privileges are required for enabling remote PowerShell sessions and managing the device remotely.
Note: If the onboarding account is not part of the local Administrators group on the Windows agent, the account must be granted the Allow Logon Locally right via the local security policy on the Windows agent machine.

For more details, refer to the Microsoft documentation: about_Remote_Requirements - PowerShell | Microsoft Learn
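Both conditions above (membership in the local Administrators group, or the Allow log on locally right when the account is not a local admin) can be verified before onboarding. The script below is an added example written for this page, not AppViewX code; the account name is an assumed placeholder, and the script must itself run elevated because exporting the local security policy requires it.

```powershell
# Added example (not AppViewX code). Run in an elevated PowerShell on the
# machine being checked (Windows agent or target). $Account is a placeholder.
param(
    [string]$Account = 'CONTOSO\svc-appviewx'   # assumed onboarding account
)

function Test-LocalAdminMembership {
    param([string]$Account)
    # Direct membership only: an account nested through a domain group is not
    # reported here, so a $false result is a prompt to check group nesting too.
    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    return [bool]($members | Where-Object { $_.Name -ieq $Account })
}

function Test-AllowLogonLocally {
    param([string]$Account)
    # Export the user-rights part of the local security policy and read the
    # SeInteractiveLogonRight line, which is "Allow log on locally".
    $cfg = Join-Path $env:TEMP ('secpol-{0}.inf' -f [guid]::NewGuid())
    secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    try {
        $line = Select-String -Path $cfg -Pattern '^SeInteractiveLogonRight' | Select-Object -First 1
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
    if (-not $line) { return $false }

    # Entries are SIDs prefixed with '*' or plain account names; compare on both.
    $ntAccount = New-Object System.Security.Principal.NTAccount($Account)
    $sid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $entries = ($line.Line -split '=', 2)[1] -split ',' |
        ForEach-Object { $_.Trim().TrimStart('*') }
    return ($entries -contains $sid) -or ($entries -contains $Account)
}

if (Test-LocalAdminMembership -Account $Account) {
    "$Account is a member of the local Administrators group."
}
elseif (Test-AllowLogonLocally -Account $Account) {
    "$Account is not a local admin but holds 'Allow log on locally' (SeInteractiveLogonRight)."
}
else {
    Write-Warning "$Account is neither a local admin nor granted 'Allow log on locally'; onboarding in PowerShell mode will fail."
}
```

The right may also be granted through a group the account belongs to; in that case the exported policy lists the group's SID rather than the account's, so a negative result from Test-AllowLogonLocally should be followed by checking which groups hold the right.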

Logon Service Account on the Windows Agent Machine

The Windows agent machine must have a logon service account with local administrator privileges to run the required services.

Network Ports

The following ports must be open to facilitate communication between the target machines, the Windows agent machine, and the Cloud Connector (CC):
  • Port 8999 (default): Open on the Windows agent machine for communication with the Cloud Connector or AppViewX.
  • Port 5985 (HTTP) or 5986 (HTTPS): Required for Windows Remote Management (WinRM) to enable remote PowerShell.
  • Port 445 (SMB): Used for certificate file transfer during push/bind operations to a target server via SMB protocol.
Note: The port configuration is customizable, allowing for the use of alternative ports. It is recommended to select a non-reserved port and ensure that no other services are currently using the designated port to avoid conflicts.

Enable Remote Powershell in the Target Machines

To ensure that remote PowerShell is enabled on the target machine, execute the command:
winrm quickconfig
Sample output (screenshot not reproduced here):

Kerberos Authentication

  • Ensure all accounts involved are within the same domain to enable the use of the Kerberos authentication mechanism for remote PowerShell connections.
  • Validate the Kerberos setup between the target machines and the Windows agent machine to ensure proper authentication and communication.
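The port requirements, the winrm quickconfig step and the Kerberos validation above can be checked together from the Windows agent machine. The script below is an added example for this page, not AppViewX code; the target host name is an assumed placeholder, and it reports TCP reachability of the listed ports, the local WinRM service and authentication settings, and whether a Kerberos-only remoting session to the target can be opened.

```powershell
# Added example (not AppViewX code). Run from the Windows agent machine.
# $TargetServer is a placeholder; the agent port defaults to the page's 8999.
param(
    [string]$TargetServer = 'target01.corp.example',   # assumed placeholder
    [int]$AgentPort = 8999,                             # default agent port
    [switch]$UseHttps,                                  # check 5986 instead of 5985
    [switch]$Push                                       # also check SMB 445 for push/bind
)

function Test-RequiredPorts {
    param([string]$Target, [bool]$Https, [bool]$Push, [int]$AgentPort)
    $wsmanPort = if ($Https) { 5986 } else { 5985 }
    $checks = @(@{ Host = $Target; Port = $wsmanPort; Purpose = 'WS-Man (WinRM)' })
    if ($Push) { $checks += @{ Host = $Target; Port = 445; Purpose = 'SMB (push/bind file transfer)' } }
    foreach ($c in $checks) {
        $r = Test-NetConnection -ComputerName $c.Host -Port $c.Port -WarningAction SilentlyContinue
        [pscustomobject]@{ Host = $c.Host; Port = $c.Port; Purpose = $c.Purpose; Open = $r.TcpTestSucceeded }
    }
    # The agent port is inbound on this machine: report whether something listens on it.
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $AgentPort -ErrorAction SilentlyContinue)
    [pscustomobject]@{ Host = 'localhost'; Port = $AgentPort; Purpose = 'Agent (inbound)'; Open = $listening }
}

function Get-WinRmStatus {
    # Mirrors what "winrm quickconfig" sets up: service running, a listener
    # present, and which authentication schemes the service accepts.
    $svc = Get-Service -Name WinRM -ErrorAction SilentlyContinue
    $status = if ($svc) { $svc.Status } else { 'NotInstalled' }
    $listeners = Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Keys -join ';' }
    [pscustomobject]@{
        ServiceStatus    = $status
        Listeners        = @($listeners) -join ' | '
        KerberosAuth     = (Get-Item WSMan:\localhost\Service\Auth\Kerberos -ErrorAction SilentlyContinue).Value
        BasicAuth        = (Get-Item WSMan:\localhost\Service\Auth\Basic -ErrorAction SilentlyContinue).Value      # expect false
        AllowUnencrypted = (Get-Item WSMan:\localhost\Service\AllowUnencrypted -ErrorAction SilentlyContinue).Value # expect false
    }
}

function Test-KerberosRemoting {
    param([string]$Target, [bool]$Https)
    # Forcing -Authentication Kerberos surfaces SPN, DNS and domain-trust
    # problems that a silent fallback to NTLM would otherwise hide.
    try {
        $null = Test-WSMan -ComputerName $Target -Authentication Kerberos -UseSSL:$Https -ErrorAction Stop
        $session = New-PSSession -ComputerName $Target -Authentication Kerberos -UseSSL:$Https -ErrorAction Stop
        try {
            $who = Invoke-Command -Session $session -ScriptBlock {
                [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
            }
        } finally {
            Remove-PSSession $session
        }
        [pscustomobject]@{ Target = $Target; KerberosSession = $true; RemoteIdentity = $who; Error = $null }
    } catch {
        [pscustomobject]@{ Target = $Target; KerberosSession = $false; RemoteIdentity = $null; Error = $_.Exception.Message }
    }
}

Test-RequiredPorts -Target $TargetServer -Https $UseHttps -Push $Push -AgentPort $AgentPort | Format-Table -AutoSize
Get-WinRmStatus | Format-List
Test-KerberosRemoting -Target $TargetServer -Https $UseHttps | Format-List
```

A reachable port with a failing Kerberos session usually points at the accounts or machines not being in the same domain, or at a missing HTTP/host SPN, which is the condition the Kerberos bullets above ask you to validate. The Basic and AllowUnencrypted values are reported so that an agent that was accidentally configured to accept unencrypted or password-based WinRM traffic is noticed during the same check.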

Justifying Admin Access

To create remote sessions and run remote commands, the current user must, by default, be a member of the Administrators group on the remote computer or provide administrator credentials. Otherwise, the command will fail.

PowerShell remoting can be enabled for a standard user, but administrative privileges are still needed to manage IIS and the Local Computer certificate store. In the screenshot, a non-admin user faces privilege restrictions when listing system services, whereas an admin user can view the services without issue.

Certificate Store Access

  • Admin Privileges for Certificate Management: Managing certificates in system-wide locations, such as the Local Machine certificate store, requires admin privileges. This includes tasks like installing, renewing, revoking, and deleting certificates.
  • Service Configuration: Administrative access is necessary for configuring services to use specific system certificates for secure communication. This includes modifying service configurations, such as those for SQL Server.
  • Private Key Management: Admin privileges are needed to manage private keys associated with certificates. This includes importing/exporting certificates with their private keys, configuring key access permissions, and configuring key archival and recovery policies.
  • MS Certificate Authority (CA) Operations: Tasks related to managing a Certificate Authority (CA), such as configuring CA settings, issuing and revoking certificates, and managing certificate templates, often require admin privileges.
  • System Integrity: Certificate management is crucial for system integrity and security. Admin privileges ensure that only authorized users can manage certificates, reducing the risk of unauthorized access, tampering, or misuse.
  • Security: PowerShell remoting allows users to execute commands and scripts on remote computers. Admin access ensures that only users with sufficient privileges can perform potentially sensitive or impactful actions on remote systems.
  • System Management: Many administrative tasks, such as IIS administration and accessing certain registry keys, require administrative privileges. PowerShell remoting enables administrators to perform these tasks remotely, but admin access is necessary to execute the required commands successfully.
  • Resource Control: Admin access ensures that users have the necessary permissions to access and modify system resources, such as files, directories, and registry keys, on remote machines. This level of access is often required for effective system management and troubleshooting.
  • Configuration Management: PowerShell remoting is commonly used in configuration management and automation scenarios. Administrators need admin access to deploy configurations, install updates, and perform other management tasks remotely.
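The certificate-store points above can be demonstrated directly: opening the Local Machine personal store read-write, which installing, renewing or deleting a certificate requires, is denied to a non-elevated account even though read-only listing may succeed. The function below is an added example for this page, not AppViewX code; it reports the calling identity, whether it is an administrator, and whether the store opened read-write, so the result obtained with the onboarding account can be compared with a standard user's. The target host name in the usage comment is an assumed placeholder.

```powershell
# Added example (not AppViewX code). Run on the target directly or ship it
# through a remoting session; it needs no parameters.
function Test-CertStoreAccess {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # LocalMachine\My opened with ReadWrite is denied to non-administrators;
    # ReadOnly usually succeeds, which is why a plain listing proves nothing
    # about the ability to install or remove certificates.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
    try {
        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
        $readWrite = $true
        $withKeys  = @($store.Certificates | Where-Object { $_.HasPrivateKey }).Count
    } catch {
        $readWrite = $false
        $withKeys  = $null
    } finally {
        $store.Close()
    }

    [pscustomobject]@{
        User                    = $identity.Name
        IsAdministrator         = $isAdmin
        LocalMachineMyReadWrite = $readWrite
        CertsWithPrivateKey     = $withKeys
    }
}

# Locally:
Test-CertStoreAccess

# Through remoting (the function body is sent to the remote host and runs as
# the session's account); the host name is an assumed placeholder:
# Invoke-Command -ComputerName 'target01.corp.example' -ScriptBlock ${function:Test-CertStoreAccess}
```

When run through a session opened with a standard user, LocalMachineMyReadWrite comes back false and IsAdministrator false; with the onboarding account both should be true, which is the concrete reason the page requires local Administrators membership rather than just a remoting-capable user.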

To learn about the system and configuration requirements for running remote commands in PowerShell, refer to the "about Remote Requirements" section on the Microsoft documentation website.