Im slowly getting my feet wet with Powershell, so I am a new beginner. Trying to have PS pull from a text file a list of PCs and let me know the status of their App Identity Service. The basic script errors out (below). I added in the $ErrorActionPreference = 'SilentlyContinue statement and I dont see the error, but the script still stops. I get the first two results and it error out after. Any ideas?
$ErrorActionPreference = 'SilentlyContinue' $path = 'C:\Users\user\Documents\list.txt' $pc = Get-Content $path gwmi win32_service -ComputerName $pc | where name -like "APPIDSVC" | select SystemName,startmode,state | Out-GridView
Here is my error (ACCESS DENIED)
gwmi : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) At line:3 char:1 + gwmi win32_service -ComputerName $pc | where name -like "APPIDSVC" | ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand gwmi : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) At line:3 char:1 + gwmi win32_service -ComputerName $pc | where name -like "APPIDSVC" | ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
Enable remote management on your targeted endpoints by running
winrm quickconfig on each of them. (If you have a lot, you can configure this with a GPO or tool like SCCM.)
That will start the service that listens for incoming PowerShell management. Beyond that, you'll need to make sure that your firewall[s] are allowing ports 5985 and 5986 for this service to work.
As you noted, the account that you are using to remotely manage (or query) using PowerShell will also need local admin rights on the target machine. A great way to solve for this is to create a 'Server Administrators' group in Active Directory and use a group policy object to add this group to the local administrators group on every server (except on your domain controllers.) Then, create separate server admin accounts for your sysadmins (these should be separate from their standard, daily use accounts, and separate from any accounts that are domain admins) and put these accounts into the 'Server Administrators' group.
User contributions licensed under CC BY-SA 3.0