Disable, PSRemoting

Disable-PSRemoting

NAME
    Disable-PSRemoting

SYNOPSIS
    Prevents the computer from receiving remote Windows PowerShell commands.

SYNTAX
    Disable-PSRemoting [-Force] [-Confirm] [-WhatIf] [<CommonParameters>]

DESCRIPTION
    The Disable-PSRemoting Function disables all session configurations on the local computer by adding a “deny all” entry to their security descriptors. This prevents the local computer from receiving remote commands.

    Disable-PSRemoting does not stop the WinRM service and it does not prevent users of the local computer from establishing sessions that connect to remote computers or sending commands to other computers.

    To re-enable the session configurations, use the Enable-PSRemoting or Enable-PSSessionConfiguration cmdlets.

    To run this Function on Windows Vista, Windows Server 2008, and later versions of Windows, you must open Windows PowerShell with the “Run as administrator” option.

PARAMETERS
    -Force [<SwitchParameter>]
        Suppresses all user prompts. By default, you are prompted to confirm each operation.

        Required?                    false
        Position?                    named
        Default value                False
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Confirm [<SwitchParameter>]
        Prompts you for confirmation before executing the command.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -WhatIf [<SwitchParameter>]
        Describes what would happen if you executed the command without actually executing the command.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        “Get-Help about_CommonParameters“.

INPUTS
    None
        You cannot pipe input to this cmdlet.

OUTPUTS
    None
        This cmdlet does not return any object.

NOTES

        A session configuration is a group of settings that define the Environment for a session. The session configurations are located on the remote computer and are used by local and remote sessions that connect to the computer.

        Every session that connects to the computer must use one of the session configurations that are registered on the computer. This includes persistent sessions that you create by using New-PSSession or Enter-PSSession cmdlets, and the temporary sessions that Windows PowerShell creates when you use the ComputerName parameter of a cmdlet that uses WS-Management remoting technology, such as Invoke-Command. By denying access to all session configurations, you effectively prevent all users from establishing sessions that connect to the computer.

        Disable-PSRemoting is the equivalent of “Disable-PSSessionConfiguration -name *.

    ————————– EXAMPLE 1 ————————–

    C:\PS>disable-psremoting

    Description
    ———–
    This command disables all session configurations on the computer.

    ————————– EXAMPLE 2 ————————–

    C:\PS>disable-psremoting -force

    Description
    ———–
    This command disables all session configurations on the computer without prompting.

    ————————– EXAMPLE 3 ————————–

    C:\PS>disable-psremoting -force

    C:\PS> New-PSSession -computername localhost

    [localhost] Connecting to remote server failed with the following error
    message : Access is denied. For more information, see the about_remote_Troub
    leshooting Help topic.
        + CategoryInfo         : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
        + FullyQualifiedErrorId : PSSessionOpenFailed

    C:\PS> New-PSSession -computername Server01

     Id Name     ComputerName    State    Configuration         Availability
     — —-     ————    —–    ————-         ————
     1 Session1 Server01…     Opened Microsoft.PowerShell     Available

    C:\PS> Enable-PSSessionConfiguration -name * -force

    C:\PS> New-PSSession -computername localhost

     Id Name     ComputerName    State    Configuration         Availability
     — —-     ————    —–    ————-         ————
     1 Session1 localhost     Opened Microsoft.PowerShell     Available

    Description
    ———–
    This example shows the effect of using Disable-PSRemoting.

    The first command uses Disable-PSRemoting to disable all registered session configurations on the local computer.

    The second command uses the New-PSSession to create a remote session to the local computer (also known as a “loopback”). Because the session configurations that session requires are disabled, the command fails.

    The third command uses the New-PSSession cmdlet to create a session from the local computer to the Server01 remote computer. This command, which uses the session configurations on the remote computer, succeeds.

    The fourth command uses the Enable-PSSessionConfiguration cmdlet to re-enable all of the session configurations on the local computer. The command uses a value of * (all) in the Name parameter.

    The fifth command attempts again to establish a loopback session by using the New-PSSession cmdlet. This time the command succeeds, because the session configuration that requires are enabled.

    ————————– EXAMPLE 4 ————————–

    C:\PS>disable-psremoting -force

    C:\PS> Get-PSSessionConfiguration | Format-Table -property name, permission -auto

    Name                 Permission
    —-                 ———-
    microsoft.powershell Everyone AccessDenied, BUILTIN\Administrators AccessAllowed
    microsoft.powershell32 Everyone AccessDenied, BUILTIN\Administrators AccessAllowed

    C:\PS> Enable-PSRemoting -force
    WinRM already is set up to receive requests on this machine.
    WinRM already is set up for remote management on this machine.

    C:\PS>> Get-PSSessionConfiguration | ft name, Permission -auto

    Name                 Permission
    —-                 ———-
    microsoft.powershell BUILTIN\Administrators AccessAllowed
    microsoft.powershell32 BUILTIN\Administrators AccessAllowed

    Description
    ———–
    This example shows the effect on the session configurations of using Disable-PSRemoting and Enable-PSRemoting.

    The first command uses the Disable-PSRemoting Function to disable all registered session configurations. The force parameter suppresses all user prompts.

    The second command uses the Get-PSSessionConfiguration cmdlet to display the registered session configurations on the computer. The command uses a pipeline operator to send the results to a Format-Table command, which displays only the Name and Permission properties of the configurations in a table.

    The resulting table shows that everyone is denied permission to the configurations.

    The third command uses the Enable-PSRemoting cmdlet to re-enable all of the session configurations on the computer. You can also use an “Enable-PSSessionConfiguration -name *” command. The command uses the Force parameter to suppress all user prompts and to restart the WinRM service without prompting.

    The fourth command uses Get-PSSessionConfiguration and Format-Table to display the names and permissions of the session configurations. The results show that members of the Administrators group now have access to the session configurations.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=144298
    Enable-PSRemoting
    Disable-PSSessionConfiguration
    Get-PSSessionConfiguration
    Register-PSSessionConfiguration
    Set-PSSessionConfiguration
    Unregister-PSSessionConfiguration
    WS-Management Provider