Powershell – Remote Management of Windows Systems

This article should held to initially configure your windows clients to be managed remotely by powershell. There are some configurations needed so that the clients can be accessed remotely.

  • Configuration of the firewall
  • Configuration of the WinRM service

It can be configured either by GPO (group policy) or remotely by using WMI and a script.

When configured properly, you can access the clients with powershell:

 


Configure Remote Access

GPO Settings

You need to make the following changes in the clients GPO settings.

Enabling von WinRM

Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service

  • Server 2008 R2 and later: Open the Allow Remote Server management through WinRM policy setting.
  • Server 2008 and earlier: Open the Allow automatic configuration of listeners policy setting.
  • Set the Policy to Enabled.
  • Set the IPv4 and IPv6 filters to * unless you need something specific there (check out the help on the right).

Firewall Configuration

Configure the firewall settings so that WinRM remote access is allowed.

  • Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile
    inbound port exceptions policy setting.
    5985:TCP:*:enabled:WSMan

WinRM Service Autostart

  • Policies > Windows Settings > Security Settings > System Services
    Windows Remote Management (WS-Management) service.
    Autostart

Execute Scripts and Commands on Remote System

Word – Auto Fill Fields with data from active directory

I had a request recently from a customer to create a new solution, that allows to automatically fill document content in word with information about the current user from active directory.
So let’s say you open the standardized letter of your company, then you push a button in the toolbar and some fields in the document will automatically be filled out for you. I.e. address, phone number, etc.

We created a simple word macro to get the job done. Here’s a step by step guide.
This is a demo for the macro, if you like to pull more information from active directory you have to make customisations.

Creating the macro

First off, we want a macro that is able to pull the user information from active directory. We want the macro to be available for execution every time you open any word document.
So we put the macro in a document (dotm) and save it in the startup folder of word.

  • First, create a new empty word document.
 
  • In the options, check the folder that is defined as your startup folder.
  • In my word 2016 this is: file / options / advanced / file locations
  • Im my case it is set to u:\templates\startup
 
  • Close the dialogs again and save your empty document in the startup folder as “Word Macro-Enabled Template (*.dotm)”
  • Save it as: ldap_macro.dotm
 
  • Now it is time to actually insert the macro in the ldap_macro.dotm template
  • Press Alt+F11 to open the VBA editor
  • Underneath the ldap_macro document, double click “ThisDocument”
  • Paste the code (below)
  • Close the VBA Code Editor
  • Save the document and close Word. The macro will now always be available when we open any word document

Creating button to execute the macro

Now let us create a button in the quick access toolbar to be able to execute the macro.

  • Open up word with a blank document
  • Rightclick the ribbon and select “Customize Quick Access Toolbar”
  • Choose “Macro”
  • Select the ldap_macro from the list and click “Add”
  • You can also customize the icon if you like
  • Select “OK”
  • The macro now appears in word in the quick access toolbar

Testing the macro

Now we create a word template that contains a custom field. The value of the field will be pulled from active directory by our macro.

  • Open up word with a blank document
  • Open the File Menu
  • Underneath “Properties” select “Advanced Properties”
  • Add a property with the name “LDAPMacro_Username”
  • Click “Add” and then “Ok”
  • Create a test letter with your sender address
  • Mark / select your first name, like shown in the picture
  • Then select “Quick parts” / “field”
  • Under Categories select “Document Information”
  • Then select “DocProperty”
  • Choose “LDAPMacro_Username”
  • At this point you could save the document as a letter template for your company. But we will test the macro now
  • If you start the macro by clicking the icon in the quick access toolbar, the surname field should be filled out with the information of you user account from active directory