Invoke-Command: How to Run PowerShell Commands Remotely

In this guide, you will learn how to use the invoke-command to execute PowerShell commands and scripts on remote computers.

Table of contents:

Let’s get started.

Invoke-Command Requirments

Before you can use the invoke-command the remote computer must have:

  1. The Windows Remote Management service must be running
  2. Allow Windows Remote Management in the Windows Firewall

In the next section, I’ll walk through how to enable this for multiple computers by using group policy.

Group Policy Settings

By default, the Windows Remote Management service is not running and the firewall blocks the inbound connection. You can use group policy to control these settings on all domain-joined computers.

Step 1: Create a New GPO

You can add these settings to an existing GPO or create a new GPO. In this example I’ll create a new GPO.

1. Create or edit an existing GPO, I linked mine at the root of the domain and called it PSRemoting. Linking at the root of the domain will apply this GPO to all users and computers. You can link it to an OU to limit the scope.

2. Edit the GPO and navigate to Computer Configuration -> Windows Settings -> Security Settings -> System Services

gpo windows remote management

3. Select the Windows Remote Management (WS-Management) and set the service startup mode to Automatic.

gpo set service to automatic

4. Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Windows Defender Firewall with Advanced Security

5. Right-click on inbound rule and select “New Rule”

firewall new rule

On the rule type screen select predefined and select “Windows Remote Management” then click Next.

firewall windows remote management

Select the “Domain, Private” profile and uncheck the Public profile. Click Next

enable windows remote management rule

Select “Allow the connection” and click Finish

Tip: For security reasons, I recommend only allowing specific authorized computers to use PowerShell commands remotely. You can limit this by using the scope settings on the firewall rule. In the remote IP address section list the IP address of your computer or any other computer you want to allow.

set remote ip address

That completes the GPO settings.

Step 2: Run gpupdate or Reboot Computer

Next, the remote computers need their policies refreshed to pull down the new GPO. They will get refreshed every 90 minutes on their own but to force a refresh run gpupdate on the computer. This will start the Windows Remote Management service and add the firewall rule on the remote computers.

gpupdate command

Now I’ll check the services and firewall.

windows remote management service status

The service is now running.

windows remote management firewall status

The Firewall rule is added.

Invoke-Command Examples

Here are some examples of using the invoke-command.

Example 1: Get services on a remote computer

The scriptblock parameter specifies the PowerShell command to run.

invoke-command -ComputerName pc1 -scriptblock {Get-Service} 
invoke command get service example

Example 2: Get services on multiple computers

To run PowerShell commands on multiple remote computers just separate them by a comma. You can use hostname or IP address.

invoke-command -ComputerName pc1, srv-vm1 -scriptblock {Get-Service} 
invoke command multiple computers

Example 3. Run a Script on a Remote Computer

This example will run getinfo.ps1 script on remote computers pc1 and srv-vm1.

Invoke-Command -FilePath c:\scripts\getinfo.ps1 -ComputerName pc1, srv-vm1

Example 4: Get Windows Version on a Remote Computer

Use the systeminfo command to get the windows version info from remote computers.

invoke-command -ComputerName pc1 -scriptblock {systeminfo} 
invoke command get windows version

Example 5: Run commands on all computers from a text file

If you have a large list of computers you can put them in a text file. For example, I have a list of computers in a file called computers.txt.

Invoke-Command -ComputerName (Get-Content c:\it\computers.txt) -scriptblock {systeminfo}

Example 6: Set Credentials

If the computer is in a different security context you may need to specify credentials.

$Credential = Get-Credential
Invoke-Command -ComputerName pc1 -Credential $Credential -ScriptBlock { Get-service}

Example 7: Get Event Logs from Remote Computer

In this example, I’ll get event ID 4624 from a remote computer

invoke-command -ComputerName pc1 -scriptblock {Get-WinEvent @{logname='security';ID=4624} -MaxEvents 5}
get event logs from remote computer

Example 8: Get PowerShell Version

This example will get the PowerShell version on remote computers

Invoke-Command -ComputerName pc1, srv-vm1 -ScriptBlock {$PSVersionTable.PSVersion}
invoke command get powershell version

Example 9: Run Multiple Commands

In this example, I’m running get-process and get-service on the remote computer.

Invoke-Command -ComputerName pc1 -ScriptBlock {(get-process), (get-service)}

Hopefully, the above examples give you an idea of how to run PowerShell commands remotely. Check out the Microsoft invoke-command documentation to learn more.

An alternative to the invoke-command is the psexec command. The PsExec command is a lightweight utility that lets you execute processes on remote commands, it also lets you launch programs and interacts with the console.

Recommended Tool: Permissions Analyzer for Active Directory

This FREE tool lets you get instant visibility into user and group permissions and allows you to quickly check user or group permissions for files, network, and folder shares.

You can analyze user permissions based on an individual user or group membership.

This is a Free tool, download your copy here.

Leave a Comment