Wednesday, July 13, 2011

SharePoint 2010 with Windows PowerShell Remoting Step by Step

Enable Remoting support on SharePoint Server box
A few steps are necessary to set up Windows PowerShell Remoting for SharePoint.
Enable Windows PowerShell Remoting
Windows PowerShell Remoting needs to be enabled first by calling the following cmdlet in Windows PowerShell:
Enable-PSRemoting
This command does a quick configuration of Windows Remote Management (WinRM). WinRM creates an HTTP listener, and the firewall exceptions are created automatically. If you get a Kerberos error, the SPN for HTTP/yourservername may be missing, and you need to use setspn to add it. Most of the time you won’t have this issue.
You can test whether remoting is working by typing Enter-PSSession -ComputerName localhost on the same server box.

Increase memory limit for remote shell
Some of the SharePoint cmdlets can run for quite a long time and require a lot of memory. By default, a remote shell is allocated 150 MB of memory, which may cause some commands, for example site collection creation, to fail. Use the following command to increase this limit to 1000 MB. This is only necessary if you need to run those commands on that server.
Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1000
Set up CredSSP support
Credential Security Service Provider (CredSSP) authentication should be used if you need to do a “double hop” with your credentials. This does not mean the cmdlets cannot run at all with other authentication methods; depending on the security permission scenario, they may or may not work. CredSSP is the best way to deal with the situation.
In some situations, the cmdlets still work even without CredSSP. For example, my current account is in the Microsoft domain. The target server is in the contoso.com domain. I used Negotiate authentication with a username and password to log on to this server remotely, then created a new content database without any problem. You can test your environment to choose the best way: certain domain policies may prevent the client machine from delegating credentials, which is required by CredSSP. But still, please use CredSSP whenever possible.
To enable CredSSP on the server, use the following command:
Enable-WSManCredSSP -Role Server
You can use Get-WSManCredSSP to check if it is enabled.
Set up client machine for Remoting
Enable CredSSP support
To use CredSSP, you need to run the following command in Windows PowerShell, where * (any computer) can be replaced with the name of the server you want to connect to, which limits credential delegation to that server:
Enable-WSManCredSSP -Role client -DelegateComputer *
Use Get-WSManCredSSP to check if it is enabled correctly.
Create and enter a remote session of Windows PowerShell
If your current user on the client machine has permission to the SharePoint farm and to Windows PowerShell on the remote box, you can use Enter-PSSession to create and enter the remote session.
For example, connecting to sharepoint.contoso.com…
Enter-PSSession -ComputerName sharepoint.contoso.com
If it works, the command prompt will change to [sharepoint.contoso.com]: PS C:\Users\Administrator\>.
The session will be closed when you type exit or Exit-PSSession. You can also use New-PSSession to create a session to use with Invoke-Command.
To connect to a machine with CredSSP and a different credential, you can use
Enter-PSSession -ComputerName sharepoint.contoso.com -Authentication CredSSP -Credential domain\username
This will pop up a dialog for you to type in your password. If you want this process to be fully automated, you can first store the credential in a file.
Store and use credentials for scripting
A credential in Windows PowerShell is an object which contains a username (as plain text) and a password (as a secure string).
First, use the following command to convert the password from keyboard input to a secure string in a text file.
Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File C:\crd-sharepoint.txt
When you need to create a credential object, read this password (the secure string) from the file with the following command:
$securePassword = Get-Content C:\crd-sharepoint.txt | ConvertTo-SecureString
then create the credential (replace myusername with your domain\username):
$crd = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "myusername",$securePassword

Then you will be able to use this credential on the command line without any dialog.
Enter-PSSession -ComputerName sharepoint.contoso.com -Authentication CredSSP -Credential $crd
Load SharePoint Windows PowerShell Snap-in
Unlike the SharePoint Management Shell, a remote session does not load this snap-in for you; you need to load it manually to use the SharePoint cmdlets.
Add-PSSnapin Microsoft.SharePoint.Powershell 
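The client-side steps above combined into one unattended script, as an added example that is not part of the original post. The server name and credential file path are the ones used above; CONTOSO\spadmin is a placeholder account, and Get-SPSite stands in for whichever SharePoint cmdlet you need to run.

```powershell
# Added example: non-interactive CredSSP session that loads the SharePoint snap-in.
# $server and $credFile are the values used in the article; $user is a placeholder.
$server   = 'sharepoint.contoso.com'
$credFile = 'C:\crd-sharepoint.txt'
$user     = 'CONTOSO\spadmin'   # placeholder account name

if (-not (Test-Path -LiteralPath $credFile)) {
    throw "Credential file $credFile not found. Create it with Read-Host -AsSecureString first."
}

# ConvertFrom-SecureString without -Key protects the string with DPAPI, so this
# only succeeds for the same user on the same machine that wrote the file.
$securePassword = Get-Content -LiteralPath $credFile | ConvertTo-SecureString
$credential = New-Object -TypeName System.Management.Automation.PSCredential `
    -ArgumentList $user, $securePassword

# -ErrorAction Stop turns a failed CredSSP negotiation into a terminating error.
$session = New-PSSession -ComputerName $server -Authentication CredSSP `
    -Credential $credential -ErrorAction Stop
try {
    Invoke-Command -Session $session -ScriptBlock {
        # Load the snap-in only if it is not already present in the remote session.
        if (-not (Get-PSSnapin -Name Microsoft.SharePoint.Powershell -ErrorAction SilentlyContinue)) {
            Add-PSSnapin Microsoft.SharePoint.Powershell -ErrorAction Stop
        }
        # Report the remote shell memory quota set on the server, then list site collections.
        $quota = (Get-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB).Value
        Write-Output "MaxMemoryPerShellMB on $env:COMPUTERNAME = $quota"
        Get-SPSite -Limit All | Select-Object -ExpandProperty Url
    }
}
finally {
    # Always close the session so the remote shell and its delegated credential are released.
    Remove-PSSession -Session $session
}
```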




Reference: http://blogs.msdn.com/b/opal/archive/2010/03/07/sharepoint-2010-with-windows-powershell-remoting-step-by-step.aspx
