SharePoint 2010 Management with PowerShell from the Outside - Walkthrough

By -
SharePoint 2010 and PowerShell are united to allow running virtually any command from from a command-line interface, and even, from a remote computer that's not even inside the server's domain.

Objective: Run SharePoint Commands from any Remote PC

Requirements:
Windows PowerShell V2 (CTP3)
Windows Remote Management - WinRM (CTP3)

Needed Configurations

#ENABLE WinRM

> Net Start WinRM
> Enable-PSRemoting
> Set-WSManQuickConfig

#Create HTTPS listener
winrm create winrm/config/listener?Address=*+Transport=HTTPS @{Hostname="DESTINY_HOSTNAME";CertificateThumbprint="7fd53c46a38c60c089f3ab3451258f917011c655"}

CertificateThumbprint can be found running mmc,
> File, Add Snapp-in
> Certificates, Add
> Personal, Certificates
> Double Click certificate, Details, Certificate, Thumbprint
> Select all, copy to notepad
> Delete all white-spaces and ? characters, leave only numbers and leters


#set trusted hosts on origin computer
#ORIGIN HOST MUST HAVE DESTINY HOST IN TRUSTED ZONES EQUAL TO THE ONE USED TO CONNECT
Set-Item WSMan:\localhost\client\trustedhosts [COMPUTER_IP_OR_FQDN] -force

Needed Code
#get username and password
$credentials=Get-Credential
#create session to enable multiple commands from being executed
$SessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck
$Session = new-pssession -computername [COMPUTER_IP_OR_FQDN] -SessionOption $SessionOption -UseSSL -Port 443 -Credential $credentials

#enable SharePoint commands in shell
Invoke-Command -session $Session -ScriptBlock {Add-PSSnapin Microsoft.SharePoint.PowerShell}

#create new SPSite within Web Application in port 80
Invoke-Command -session $Session -ScriptBlock {$new_sub_site=New-SPSite -url "http://localhost/sites/tiago" -OwnerAlias "bindprovisioning" -Template "STS#0"}


Common Issues:
- Access Denied
1) Run PowerShell as Administrator
2) Make sure administrator password is not blank
3) Make sure you have filter policy enabled:
new-itemproperty -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -name LocalAccountTokenFilterPolicy -propertyType DWord -value 1

- request error
Make sure WinRM is running on both computers and using HTTP auto assigned ports

- Cannot Check Certificate Authority
use -SkipCACheck

- Cannot Check hostname for certificate
use -SkipCNCheck


Help
These might help you throught WinRM errors

#get current listeners (can be http, https and others)
#SERVERS RUNNING IIS NEED TO USE HTTPS ON WINRM
winrm e winrm/config/listener

#Change property in listener already created
#REMEMBER: KEYS ARE CASE SENSITIVE!
winrm set winrm/config/listener?Address=*+Transport=HTTP @{Enabled="false"}

winrm set winrm/config/listener?Address=*+Transport=HTTP @{Key="Value"}

#delete listener
winrm deletewinrm/config/listener?Address=*+Transport=HTTPS

Additional Information
Technet Post On WinRM

Comments

Post a Comment

Popular posts from this blog

Breaking down document locking in SharePoint

By -
Image
This is a topic I've been meaning to discuss in a while. We open, change and close documents almost every day, and sometimes we collaborate with other people at the same time on those documents. SharePoint brings all co-authoring features we need, straight out-of-the-box, but sometimes, there are problems. While things are starting to look better on the cloud side, the concept of document locking is still very much up-to-date and understanding how it works and what to do when things go wrong is crucial. In an article that has since disappeared the Microsoft Knowledge Base (but still available here ), Microsoft explains it best: When a document is opened by a client program, Windows SharePoint Services puts a write lock on the document on the server. The write lock times out after 10 minutes. Users cannot modify the document during the time when the document is locked. In a scenario where the program that opens the document unexpectedly quits or crashes and you try to open the do
Read more

Working around X-Frame-Options for iframes

By -
Image
The problem: One of the first things we noticed after migrating to SharePoint 2013 was that our iframes have stopped working, giving the error: "Refused to display 'http://contoso/pages/home.aspx' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'." Quickly we could see that this is in fact a security mechanism to prevent click-jacking and others: "The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a frame or iframe. Sites can use this to avoid Clickjacking attacks, by ensuring that their content is not embedded into other sites." Soon we realized that, starting SharePoint 2013, an HTTP Module is adding the header " X-Frame-Options " by default, with the value " SAMEORIGIN ". This is effectively preventing the rendering of pages outside the scope of the current web application. The (attempted) solution: So what to do?
Read more

Document ID not being generated

By -
Image
Problem In a scenario where we have many document Content Types, we may want to enable Document ID - aka "Permanent Links" - which is a feature in SharePoint that assigns a specific ID for each document. That ID never changes even if the document is renamed or moved to another location. In this scenario, the Document ID field was being generated for some libraries/content types, but not others, which is a surprisingly common problem. Background There are several stages we need to go through to enable use this mechanism. Stage 1 We enable the feature in the Site Collection Features. Stage 2 Under Site Collection Administration > Document ID Settings, we need to enable the assignment and pick a prefix. The IDs use the format: PREFIX-LISTID-LISTITEMID ( ref ) Where: PREFIX: the preconfigured prefix for the site collection, which can be any set of numbers and letters between 4-12 characters LISTID: the property docid_msft_hier_listid of the list
Read more