psexec Windows Server 2008 Firewall

Here are the In Bound Connection rules that need to be enabled:

• Under "File and Printer Sharing"
  • Echo Request
    • ICMpv4-In
    • ICMpv6-In
  • NB-Datagram-In
  • NB-Name-In
  • NB-Session-In

I'm still confused as to why psexec is the remote shell of choice when WinRM offers all of the same benefits but with a single port opening in the firewall.

It does need configuring but probably less than PSExec. No problems if you've settled on psexec already, I'm just offering additional options. :)

Really quickly you need to execute winrm quickconfig on the machine that you wish to control. This quickstart command alters a number of settings throughout the system so it's worth investigating if your security policies allow this before you run it.

Once run, you can use WinRS like this:

WinRS -r:Computername ipconfig

You can, if you don't already have permissions on the target system, run the command with other credentials.

WinRS -r:Computername -u:Username -p:Password ipconfig

You can also use PowerShell commands on remote machines configured for remote management. From within Powershell management

Invoke-Command hostname {powershell-command} or icm hostname {powershell-command}

If you have the right infrastructure, WinRM and WinRS can replace the need for psexec and the quickconfig command makes setup simple enough.

Cheers

Lewis