Forum Discussion

andrewtinaza's avatar
andrewtinaza
Copper Contributor
Oct 31, 2024

Entering in commands on a remote workstation using a PS script

I am trying to create a PS script that opens a session on a remote workstation and executes these commands:

 

netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes profile=domain
 
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0
 
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
 
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
 
Set-NetFirewallRule -DisplayGroup "Network Discovery" -Enabled True
 
This is the part of the script giving me trouble:
 

$session = New-PSSession -ComputerName $workstationName

# Prompt for credentials
$cred = Get-Credential

# Use Invoke-Command to run the script block with elevated credentials
Invoke-Command -Session $session -Credential $cred -ScriptBlock {

# Check if the session is available
if ($session -ne $null) {
Write-Host "Session established. Waiting for the session to be ready..."

# PowerShell commands here
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes profile=domain
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
Set-NetFirewallRule -DisplayGroup "Network Discovery" -Enabled True
Get-Process
}

# Exit the remote session
Exit-PSSession
} else {
Write-Host "Failed to establish a session."
}

 

Here is the error.  Any help is appreciated

 

Invoke-Command : Parameter set cannot be resolved using the specified named parameters.
At C:\XXXX\VMPrepBeta6.ps1:67 char:5
+ Invoke-Command -Session $session -Credential $cred -ScriptBlock {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Invoke-Command], ParameterBindingException
+ FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.PowerShell.Commands.InvokeCommandCommand

  • LainRobertson's avatar
    LainRobertson
    Silver Contributor

    andrewtinaza 

     

    Hi, Andrew.

     

    You're getting that error because using both -Session and -Credential on the same call to Invoke-Command is not a supported combination, which you can see from the documentation:

     

     

    That said, this script is also unnecessarily complex, where you can simplify it down to the following:

     

    # Prompt for credentials
    $cred = Get-Credential;
    
    # Use Invoke-Command to run the script block with elevated credentials
    Invoke-Command -ComputerName $workstationName -Credential $cred -ScriptBlock {
        # PowerShell commands here
        Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0;
        Enable-NetFirewallRule -Name "FPS-ICMP4-ERQ-In-NoScope";    # Using the pre-defined name of the rule specific to the domain profile.
        Enable-NetFirewallRule -DisplayGroup "Remote Desktop", "Network Discovery", "windows management instrumentation (wmi)";
        Get-Process;
    }

     

    The only time you might look to create a separate session would be if you have a valid use case for calling Invoke-Command against the same workstation multiple times, but I can't recall seeing such a scenario.

     

    Cheers,

    Lain

  • andrewtinaza 

     

    Use the credentials when creating the session, not with Invoke-Command

    Please try this script.

     

    $cred = Get-Credential
    $session = New-PSSession -ComputerName $workstationName -Credential $cred

    if ($session -ne $null) {
    Invoke-Command -Session $session -ScriptBlock {
    netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes profile=domain
    Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0
    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
    netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
    Set-NetFirewallRule -DisplayGroup "Network Discovery" -Enabled True
    Get-Process
    }
    Remove-PSSession -Session $session
    } else {
    Write-Host "Failed to establish a session."
    }

Resources