关于远程要求About Remote Requirements

简短说明SHORT DESCRIPTION

描述在 PowerShell 中运行远程命令的系统要求和配置要求。Describes the system requirements and configuration requirements for running remote commands in PowerShell.

详细说明LONG DESCRIPTION

本主题介绍在 PowerShell 中建立远程连接和运行远程命令的系统要求、用户要求和资源要求。This topic describes the system requirements, user requirements, and resource requirements for establishing remote connections and running remote commands in PowerShell. 它还提供了有关配置远程操作的说明。It also provides instructions for configuring remote operations.

注意:许多 cmdlet (包括 Get-help、Get-wmiobject 和 Get-WinEvent cmdlet,) 从远程计算机获取对象,方法是使用 Microsoft .NET Framework 方法检索这些对象。Note: Many cmdlets (including the Get-Service, Get-Process, Get-WMIObject, Get-EventLog, and Get-WinEvent cmdlets) get objects from remote computers by using Microsoft .NET Framework methods to retrieve the objects. 它们不使用 PowerShell 远程处理基础结构。They do not use the PowerShell remoting infrastructure. 本文档中的要求不适用于这些 cmdlet。The requirements in this document do not apply to these cmdlets.

若要查找具有 ComputerName 参数但不使用 Windows PowerShell 远程处理的 cmdlet,请阅读 cmdlet 的 ComputerName 参数说明。To find the cmdlets that have a ComputerName parameter but do not use Windows PowerShell remoting, read the description of the ComputerName parameter of the cmdlets.

系统要求SYSTEM REQUIREMENTS

若要在 Windows PowerShell 3.0 上运行远程会话,本地计算机和远程计算机必须具有以下各项:To run remote sessions on Windows PowerShell 3.0, the local and remote computers must have the following:

  • Windows PowerShell 3.0 或更高版本Windows PowerShell 3.0 or later
  • Microsoft .NET Framework 4 或更高版本The Microsoft .NET Framework 4 or later
  • Windows 远程管理3。0Windows Remote Management 3.0

若要在 Windows PowerShell 2.0 上运行远程会话,本地计算机和远程计算机必须具有以下各项:To run remote sessions on Windows PowerShell 2.0, the local and remote computers must have the following:

  • Windows PowerShell 2.0 或更高版本Windows PowerShell 2.0 or later
  • Microsoft .NET Framework 2.0 或更高版本The Microsoft .NET Framework 2.0 or later
  • Windows 远程管理2。0Windows Remote Management 2.0

可以在运行 Windows PowerShell 2.0 和 Windows PowerShell 3.0 的计算机之间创建远程会话。You can create remote sessions between computers running Windows PowerShell 2.0 and Windows PowerShell 3.0. 但是,仅在 Windows PowerShell 3.0 上运行的功能(如断开连接和重新连接到会话的能力)仅在两台计算机都运行 Windows PowerShell 3.0 时才可用。However, features that run only on Windows PowerShell 3.0, such as the ability to disconnect and reconnect to sessions, are available only when both computers are running Windows PowerShell 3.0.

若要查找已安装的 PowerShell 版本的版本号,请使用 $PSVersionTable 自动变量。To find the version number of an installed version of PowerShell, use the $PSVersionTable automatic variable.

Windows 8、Windows Server 2012 和更新版本的 Windows 操作系统中都包含了 Windows 远程管理 (WinRM) 3.0 和 Microsoft .NET Framework 4。Windows Remote Management (WinRM) 3.0 and Microsoft .NET Framework 4 are included in Windows 8, Windows Server 2012, and newer releases of the Windows operating system. 对于较早版本的操作系统,Windows Management Framework 3.0 中包含 WinRM 3.0。WinRM 3.0 is included in Windows Management Framework 3.0 for older operating systems. 如果计算机不具有所需的 WinRM 版本或 Microsoft .NET 框架,则安装将失败。If the computer does not have the required version of WinRM or the Microsoft .NET Framework, the installation fails.

用户权限USER PERMISSIONS

若要创建远程会话并运行远程命令,则默认情况下,当前用户必须是远程计算机上 Administrators 组的成员,或者提供管理员凭据。To create remote sessions and run remote commands, by default, the current user must be a member of the Administrators group on the remote computer or provide the credentials of an administrator. 否则,该命令将失败。Otherwise, the command fails.

在远程计算机上创建会话和运行命令所需的权限 (或本地计算机上的远程会话中) 由会话配置建立, (在该会话连接到的远程计算机上也称为 "终结点" ) 。The permissions required to create sessions and run commands on a remote computer (or in a remote session on the local computer) are established by the session configuration (also known as an "endpoint") on the remote computer to which the session connects. 具体而言,会话配置上的安全描述符确定谁有权访问会话配置,哪些用户可以使用它来进行连接。Specifically, the security descriptor on the session configuration determines who has access to the session configuration and who can use it to connect.

默认会话配置、Microsoft.powershell32 和 Microsoft PowerShell 上的安全描述符允许仅访问 Administrators 组的成员的访问权限。The security descriptors on the default session configurations, Microsoft.PowerShell, Microsoft.PowerShell32, and Microsoft.PowerShell.Workflow, allow access only to members of the Administrators group.

如果当前用户没有使用会话配置的权限,则运行命令 (使用临时会话) 或在远程计算机上创建持久会话的命令将失败。If the current user doesn't have permission to use the session configuration, the command to run a command (which uses a temporary session) or create a persistent session on the remote computer fails. 用户可以使用 cmdlet 的 ConfigurationName 参数来创建会话,以选择不同的会话配置(如果有)。The user can use the ConfigurationName parameter of cmdlets that create sessions to select a different session configuration, if one is available.

计算机上 Administrators 组的成员可以通过更改默认会话配置上的安全描述符,并通过使用不同的安全描述符创建新的会话配置来确定有权远程连接到计算机的人员。Members of the Administrators group on a computer can determine who has permission to connect to the computer remotely by changing the security descriptors on the default session configurations and by creating new session configurations with different security descriptors.

有关会话配置的详细信息,请参阅 about_Session_ConfigurationsFor more information about session configurations, see about_Session_Configurations.

WINDOWS 网络位置WINDOWS NETWORK LOCATIONS

从 Windows PowerShell 3.0 开始,Enable-PSRemoting cmdlet 可在专用、域和公用网络上的 Windows 客户端和服务器版本上启用远程处理。Beginning in Windows PowerShell 3.0, the Enable-PSRemoting cmdlet can enable remoting on client and server versions of Windows on private, domain, and public networks.

在具有专用网络和域网络的 Windows server 版本中,Enable-PSRemoting cmdlet 将创建允许无限制远程访问的防火墙规则。On server versions of Windows with private and domain networks, the Enable-PSRemoting cmdlet creates firewall rules that allow unrestricted remote access. 它还为公用网络创建防火墙规则,该规则仅允许来自同一本地子网中的计算机进行远程访问。It also creates a firewall rule for public networks that allows remote access only from computers in the same local subnet. 默认情况下,在公用网络上的 Windows 服务器版本上会启用此本地子网防火墙规则,但 Enable-PSRemoting 会在更改或删除规则的情况下重新应用该规则。This local subnet firewall rule is enabled by default on server versions of Windows on public networks, but Enable-PSRemoting reapplies the rule in case it was changed or deleted.

对于具有专用网络和域网络的 Windows 的客户端版本,默认情况下,Enable-PSRemoting cmdlet 将创建允许无限制远程访问的防火墙规则。On client versions of Windows with private and domain networks, by default, the Enable-PSRemoting cmdlet creates firewall rules that allow unrestricted remote access.

若要在具有公用网络的 Windows 的客户端版本上启用远程处理,请使用 Enable-PSRemoting cmdlet 的 SkipNetworkProfileCheck 参数。To enable remoting on client versions of Windows with public networks, use the SkipNetworkProfileCheck parameter of the Enable-PSRemoting cmdlet. 它创建一个防火墙规则,该规则仅允许来自同一本地子网中的计算机进行远程访问。It creates a firewall rule that allows remote access only from computers in the same local subnet.

若要删除公用网络上的本地子网限制并允许从 Windows 客户端和服务器版本上的所有位置进行远程访问,请在 NetSecurity 模块中使用 Set-NetFirewallRule cmdlet。To remove the local subnet restriction on public networks and allow remote access from all locations on client and server versions of Windows, use the Set-NetFirewallRule cmdlet in the NetSecurity module. 运行以下命令:Run the following command:

Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC" -RemoteAddress Any

在 Windows PowerShell 2.0 中,在 Windows 的服务器版本上 Enable-PSRemoting 创建允许在所有网络上进行远程访问的防火墙规则。In Windows PowerShell 2.0, on server versions of Windows, Enable-PSRemoting creates firewall rules that permit remote access on all networks.

在 Windows PowerShell 2.0 中,在 Windows 的客户端版本上,Enable-PSRemoting 仅在专用网络和域网络上创建防火墙规则。In Windows PowerShell 2.0, on client versions of Windows, Enable-PSRemoting creates firewall rules only on private and domain networks. 如果网络位置是公共的,Enable-PSRemoting 会失败。If the network location is public, Enable-PSRemoting fails.

以管理员身份运行RUN AS ADMINISTRATOR

以下远程处理操作需要管理员权限:Administrator privileges are required for the following remoting operations:

  • 建立与本地计算机的远程连接。Establishing a remote connection to the local computer. 这通常称为 "环回" 方案。This is commonly known as a "loopback" scenario.

  • 管理本地计算机上的会话配置。Managing session configurations on the local computer.

  • 查看和更改本地计算机上的 WS-Management 设置。Viewing and changing WS-Management settings on the local computer. 这些是 WSMAN:驱动器的 LocalHost 节点中的设置。These are the settings in the LocalHost node of the WSMAN: drive.

若要执行这些任务,必须使用 "以管理员身份运行" 选项启动 PowerShell,即使您是本地计算机上 Administrators 组的成员也是如此。To perform these tasks, you must start PowerShell with the "Run as administrator" option even if you are a member of the Administrators group on the local computer.

在 Windows 7 和 Windows Server 2008 R2 中,通过 "以管理员身份运行" 选项启动 Windows PowerShell:In Windows 7 and in Windows Server 2008 R2, to start Windows PowerShell with the "Run as administrator" option:

  1. 依次单击 "开始"、"所有程序"、"附件",然后单击 "Windows PowerShell" 文件夹。Click Start, click All Programs, click Accessories, and then click the Windows PowerShell folder.
  2. 右键单击 "Windows PowerShell",然后单击 "以管理员身份运行"。Right-click Windows PowerShell, and then click "Run as administrator".

若要通过 "以管理员身份运行" 选项启动 Windows PowerShell:To start Windows PowerShell with the "Run as administrator" option:

  1. 依次单击 "开始"、"所有程序",然后单击 "Windows PowerShell" 文件夹。Click Start, click All Programs, and then click the Windows PowerShell folder.
  2. 右键单击 "Windows PowerShell",然后单击 "以管理员身份运行"。Right-click Windows PowerShell, and then click "Run as administrator".

Windows PowerShell 的其他 Windows 资源管理器项(包括快捷方式)中也提供了 "以管理员身份运行" 选项。The "Run as administrator" option is also available in other Windows Explorer entries for Windows PowerShell, including shortcuts. 只需右键单击该项目,然后单击 "以管理员身份运行" 即可。Just right-click the item, and then click "Run as administrator".

从其他程序(如 Cmd.exe)启动 Windows PowerShell 时,请使用 "以管理员身份运行" 选项启动程序。When you start Windows PowerShell from another program such as Cmd.exe, use the "Run as administrator" option to start the program.

如何将计算机配置为进行远程处理HOW TO CONFIGURE YOUR COMPUTER FOR REMOTING

运行所有受支持的 Windows 版本的计算机无需任何配置即可在 PowerShell 中建立远程连接和运行远程命令。Computers running all supported versions of Windows can establish remote connections to and run remote commands in PowerShell without any configuration. 但是,若要接收连接以及允许用户创建本地和远程用户管理的 PowerShell 会话 ( "Pssession" ) 并在本地计算机上运行命令,则必须在计算机上启用 PowerShell 远程处理。However, to receive connections, and allow users to create local and remote user-managed PowerShell sessions ("PSSessions") and run commands on the local computer, you must enable PowerShell remoting on the computer.

默认情况下,为 PowerShell 远程处理启用 windows server 2012 和更新版本的 Windows Server。Windows Server 2012 and newer releases of Windows Server are enabled for PowerShell remoting by default. 如果更改了设置,则可以通过运行 Enable-PSRemoting cmdlet 来还原默认设置。If the settings are changed, you can restore the default settings by running the Enable-PSRemoting cmdlet.

在所有其他受支持的 Windows 版本上,需要运行 Enable-PSRemoting cmdlet 来启用 PowerShell 远程处理。On all other supported versions of Windows, you need to run the Enable-PSRemoting cmdlet to enable PowerShell remoting.

WinRM 服务支持 PowerShell 的远程处理功能,这是用于管理的 Web 服务 (WS-MANAGEMENT) 协议的 Microsoft 实现。The remoting features of PowerShell are supported by the WinRM service, which is the Microsoft implementation of the Web Services for Management (WS-Management) protocol. 启用 PowerShell 远程处理时,将更改 WS-Management 的默认配置,并添加允许用户连接到 WS-MANAGEMENT 的系统配置。When you enable PowerShell remoting, you change the default configuration of WS-Management and add system configuration that allow users to connect to WS-Management.

将 PowerShell 配置为接收远程命令:To configure PowerShell to receive remote commands:

  1. 以 "以管理员身份运行" 选项启动 PowerShell。Start PowerShell with the "Run as administrator" option.
  2. 在命令提示符处,键入:Enable-PSRemotingAt the command prompt, type: Enable-PSRemoting

若要验证远程处理是否已正确配置,请运行以下命令(如)在本地计算机上创建远程会话的测试命令。To verify that remoting is configured correctly, run a test command such as the following command, which creates a remote session on the local computer.

New-PSSession

如果远程处理配置正确,则该命令将在本地计算机上创建一个会话,并返回表示该会话的对象。If remoting is configured correctly, the command will create a session on the local computer and return an object that represents the session. 输出应类似于以下示例输出:The output should resemble the following sample output:

Id Name        ComputerName    State    ConfigurationName
-- ----        ------------    -----    -----
1  Session1    localhost       Opened   Microsoft.PowerShell

如果命令失败,请参阅 about_Remote_TroubleshootingIf the command fails, for assistance, see about_Remote_Troubleshooting.

了解策略UNDERSTAND POLICIES

远程工作时,可以使用 PowerShell 的两个实例,一个实例在本地计算机上,另一个位于远程计算机上。When you work remotely, you use two instances of PowerShell, one on the local computer and one on the remote computer. 因此,你的工作会受到本地和远程计算机上的 Windows 策略和 PowerShell 策略的影响。As a result, your work is affected by the Windows policies and the PowerShell policies on the local and remote computers.

通常,在连接之前以及建立连接时,本地计算机上的策略是有效的。In general, before you connect and as you are establishing the connection, the policies on the local computer are in effect. 使用连接时,远程计算机上的策略生效。When you are using the connection, the policies on the remote computer are in effect.

另请参阅SEE ALSO

about_Remoteabout_Remote

about_Remote_Variablesabout_Remote_Variables

about_PSSessionsabout_PSSessions

Invoke-CommandInvoke-Command

Enter-PSSessionEnter-PSSession

New-PSSessionNew-PSSession