Tunnel a PowerShell script to a remote machine and invoke via WMI


In the blog post "Invoke a remote command without WinRM, psexec or similar – Access administrative shares even if they have been removed" I demonstrated how to use WMI to execute a command on a remote computer. The task was pretty simple, as I only had to create a share. However, as this worked pretty well, and also out of curiosity, I wanted to know whether I could use the same process for more complex scenarios.

So I wanted to know whether I could also invoke a full PowerShell script this way, while the script itself is not available on the remote computer.

Let's start with a small script. I'm using a ScriptBlock for demonstration purposes, but reading a script file works the exact same way. To keep it simple, I'm just reading the folders on the system drive and exporting them to a CSV file in the temp folder:

Nothing fancy.

Now a quick look at how to execute a PowerShell script. Looking at the command line options for PowerShell.exe, most of you probably know the File parameter, which can be used to execute a script file. In the current scenario this won't really help, as the script isn't available on the remote computer. Another option would be the Command parameter, which takes either a string or a ScriptBlock. However, as our ScriptBlock/script can contain special characters, line breaks, quotation marks etc., it might get complicated to escape them properly. A relatively unknown parameter is EncodedCommand, which takes a Base64-encoded string.

So let’s get a Base64 encoded string from the ScriptBlock using the following snippet:

Prepare the PowerShell.exe command:

And finally use the snippet from the mentioned blog post to execute this command on a remote computer:

Execute it and check on the remote computer whether the file was created in the temp folder.
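The encoding step above, together with its inverse for reading such a command line back out of a process-creation log entry, as an added Python example (not the post's own PowerShell snippet): it uses only the standard library, and the sample script and command line are constructed here.

```python
import base64
import re

# Added example, not code from the original post. The value after
# -EncodedCommand is the Base64 of the script's UTF-16LE bytes; a reviewer
# looking at a logged process command line (e.g. a CommandLine field in a
# process-creation event) needs the inverse transform to read what was launched.

# Constructed sample matching the post's description (list the folders on the
# system drive and export them to a CSV file in the temp folder).
SAMPLE_SCRIPT = (
    'Get-ChildItem -Path "$env:SystemDrive\\" -Directory | '
    'Export-Csv -Path "$env:TEMP\\folders.csv" -NoTypeInformation'
)

# Matches "-flag value" pairs. Base64 never contains whitespace, so this is
# enough and avoids the quoting pitfalls of shlex on Windows command lines.
_ARG_RE = re.compile(r"(?:^|\s)[-/](\w+)\s+([A-Za-z0-9+/=]+)")


def encode_command(script: str) -> str:
    """Return the string PowerShell.exe expects after -EncodedCommand."""
    # UTF-16LE without BOM: the same bytes [Text.Encoding]::Unicode.GetBytes() yields.
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def _is_encoded_flag(name: str) -> bool:
    # PowerShell.exe accepts the documented short forms -e and -ec as well as
    # any unambiguous prefix, so "-e", "-enc" and "-EncodedCommand" all count.
    name = name.lower()
    return name == "ec" or (name.startswith("e") and "encodedcommand".startswith(name))


def decode_command_line(cmdline: str):
    """Return the decoded script from a logged command line, or None if absent."""
    for flag, blob in _ARG_RE.findall(cmdline):
        if not _is_encoded_flag(flag):
            continue
        blob += "=" * (-len(blob) % 4)  # tolerate padding stripped by a log pipeline
        try:
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            return None  # present but malformed: still worth a manual look
    return None


if __name__ == "__main__":
    line = "powershell.exe -NoProfile -NonInteractive -EncodedCommand " + encode_command(SAMPLE_SCRIPT)
    print(line)
    print(decode_command_line(line))
```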

A few things to note:

  • The script should run completely unattended.
  • Make sure it’s handling errors and exceptions properly.
  • You won’t get any direct feedback from the script.
  • You will not be able to interact with any network location.
  • Variable substitution can be challenging.

