Setup a New Microsoft Windows Server 2019 Core Installation to Accept Incoming PowerShell Connections in a Workgroup

#Setup a New Microsoft Windows Server 2019 Core Installation to Accept Incoming PowerShell Remoting connections in a Workgroup


#You will not need to do this if you perform your PowerShell tasks directly from a domain connected computer.  You need this if you have virtual machines or headless devices… or just plain lazy. Also not everyone has a domain controller and sometimes even a Hyper-V host computer will remain in a workgroup since it might host the domain controller and it is off topic… I work in PowerShell ISE for the most part and connect to where ever I need to.


#This is the first steps after a fresh clean install of Microsoft Windows Server 2019 Core to allow PowerShell Remoting and WSMan.

Initial Screen Ctrl, Alt,_Del_Server 2019 Core

#Press Ctrl-Alt-Delete to begin configuring Microsoft Windows Server 2019 Core

Change password before signing in Server 2019 Core

#Press Enter to select OK to change password

Set local administrator password Server 2019 Core

#Set password for .\administrator

Your password has been changed Server 2019 Core

#This initial password is for the local administrator account .\administrator is also a way to access this account. It is not part of active directory and therefore doesn’t fall under the Active Directory password policy. Do not make it something easy to guess. The standard policy require 8 characters minimum with upper and lower case letters, numbers and symbols. I suggest you follow that as this password will be passed to your initial domain administrator account, where it will fail to work, so it is just best to avoid issues.

Microsoft Windows Server 2019 Core command prompt Server 2019 Core

#This is cmd.exe start screen for Microsoft Windows Server 2019 Core. Type sconfig to bring up the cheater menu.

Run Powershell Server 2019 Core

#Type powershell and press enter to start a PowerShell session directly in Microsoft Windows Server 2019 Core cmd.exe prompt.

Enable-PSRemoting -Force Server 2019 Core

#Type Enable-PSRemoting -Force to enable PowerShell Remoting. You can use -SkipNetworkProfileCheck to allow management requests on a network Microsoft Windows has categorized as Public such as Hotspots and new unrecognized networks.

Enable-PSRemoting -SkipNetworkProfileCheck -Force

Get-Item WSMan clients trustedhosts Server 2019 Core

#This will show you what computers you “trust” to connect remotely via PowerShell Remote, no remote hosts are allowed by default.

Get-Item WSMan:\localhost\Client\TrustedHosts

Set-Item -Value IP addresses and computer names verify Server 2019 Core

#This creates a list of computers you “trust” so that you wish to make outgoing PowerShell Remote connections. It doesn’t need a value if you don’t plan to connect to other computers from this new server and/or just use a management PC. 

#This is not a list of computers that are allowed to use Enter-PSSession to connect to the new server and most likely you need to run this command on a Windows 10 management PC instead. You would include either the IP address of the new server, the computer name of the new server or ‘*’ if you want to be able to connect to anywhere.

Get-Item WSMan:\localhost\Client\TrustedHosts|Set-Item -Value '10.4.0.2,BEAKER'

#The code below will add entries to the TrustedHosts rather than overwrite them:

# Retrieve the current TrustedHosts value
$currentTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value

# Define the new entries you want to add
$newEntries = "KERMIT,10.10.10.20"

# Check if currentTrustedHosts is empty and append new entries
if ([string]::IsNullOrEmpty($currentTrustedHosts)) {
$updatedTrustedHosts = $newEntries
} else {
$updatedTrustedHosts = "$currentTrustedHosts,$newEntries"
}

# Set the updated TrustedHosts value
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $updatedTrustedHosts

You can now connect via Eter-PSSession Server 2019 Core

#You can use either the server IP address or computer name if you need to perform this step.  I choose to use both so I avoid any issues when connecting. You need to type y and press Enter to confirm.  A value of ‘*’ allows the server to connect to any remote host.

#Now you can use Enter-PSSession to connect to your Microsoft Windows Sever 2019 Core install to configure it using PowerShell or RSAT tools.


#At this point you probably do not have Active Directory installed so you would use the command below to connect to the server. I use PowerShell ISE to open my list of common commands and just run them remotely from my desktop computer. After the -Cn is whatever IP address or computer name you added to WSMan:\localhost\Client\TrustedHosts

Enter-PSSession -Cn 10.4.0.2 -Credential administrator

#If you are running Microsoft Windows 2019 Core on Hyper-V then you can connect the way shown above from anywhere. You could connect the way below, from the Hyper-V host, if that isn’t also a core installation.  Be aware that connecting -VMName Vs. -ComputerName can cause some commands to behave differently or not at all.

Enter-PSSession -VMName Server2019 -Credential administrator

 

Installing and configuring PowerShell 7.2.1 on 64-bit Server 2019 and Windows 10

#Installing and configuring PowerShell 7.2.1 on 64-bit Server 2019 and Windows 10

#The installation commands shown here are for the latest stable release of PowerShell 7

#To be honest I don’t recommend upgrading if you plan to keep using all your existing scripts and commands without issue.  That most likely will not happen. PowerShell 7 doesn’t work well with Microsoft 365 and Microsoft Azure.  The login command fails, for example.  There might be a work around using the Microsoft Graph API but I haven’t managed to get that working.  The differences between PowerShell 5 and PowerShell 7 are discussed here.

 #I need to use the older Microsoft only releases of PowerShell for most of what I do.  PowerShell 7 does work on many non-Windows platforms but do not expect to use PowerShell 7 to manage your hard drives in Linux.  PowerShell 5.x and PowerShell 6.x only work on Microsoft Windows-based computers.

#It should also be mentioned that PowerShell 5 and PowerShell 7 run along side each other and is determined by which shell you choose to work in.  Another problem is that PowerShell ISE is not designed to work with PowerShell 7 and not included.


From Microsoft: 

#Is PowerShell ISE going away?

 
The PowerShell ISE is no longer in active feature development. As a shipping component of Windows, it continues to be officially supported for security and high-priority servicing fixes. … Users looking for replacement for the ISE should use Visual Studio Code with the PowerShell Extension.
 

 

PowerShell 7.2.1 can be downloaded for 64-bit Windows-based operating systems from the link below: 

https://github.com/PowerShell/PowerShell/releases/download/v7.2.1/PowerShell-7.2.1-win-x64.msi

Get more information about the latest version of Microsoft PowerShell 7.2 LTS from the link below:

https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.2


#Open firewall to allow PowerShell access to and from other computers on your network:

Set-NetConnectionProfile -NetworkCategory Private
Enable-PSRemoting

 

Join Windows 10 Professional To An Active Directory Domain Using PowerShell Direct

#Join Windows 10 Professional To An Active Directory Domain Using PowerShell Direct

#These are the commands to rename a Windows 10 client computer to GONZO and add that computer to a domain called domain.win10server2016.lan .

Rename-Computer -NewName GONZO -Verbose -PassThru #Rename computer before joining domain. Requires restart
Restart-Computer
Add-Computer -DomainName domain.win10server2016.lan -Credential domain\administrator -Passthru -Verbose #Join Active Directory Domain and add to Computer container. Requires restart
Restart-Computer

#The Longer Story…

#Your computer may not need to be renamed so skip that if needed. Also the Add-Computer command sends your newly added computers to the Computers container by default unless you specify an -OUPath when running Add-Computer.

#Rename computer before joining your domain if your computer name doesn’t comply with server standards. Restart required.

Rename-Computer -NewName GONZO -Verbose -PassThru #Rename computer before joining domain. Requires restart
Restart-Computer

 

#Join a domain called domain.muppetlabs.com. Restart required.

#You need to change the -DomainName from domain.win10server2016.lan to what you call your domain. Use -Restart at the end of the Add-Computer command to automatically restart.

Add-Computer -DomainName domain.win10server2016.lan -Credential domain\administrator -Passthru -Verbose #Join Active Directory Domain and add to Computer container. Requires restart
Restart-Computer

 


#A Bit More

#Specify a preconfigured Organizational Unit path when joining domain

#My domain is simple and this is not needed for me at this time. I don’t have multiple Organizational Units yet and I don’t need any Group Policies affecting this PC since I’m working with my Windows 10 Creators Edition management PC. I’m able to specify the -OUPath shown below, once I complete the step below to create an OU called ServerAdmins. This command adds the computer to OU=ServerAdmins.

#You are not able to specify another container besides the default Computers container, but there is a way to change the default container if you don’t specify an OU. I definitely don’t want my computers added to the default OU which is OU=Domain Controllers, so I don’t use this command switch unless I have created a new OU first. It has been suggested to create the OU and computer object prior to joining the domain, but I don’t need to do that at this point.

#The command below is used to specify an Organizational Unit when joining a domain, if needed.

Add-Computer -DomainName 'domain.win10server2016.lan' -OUPath 'OU=Producers,DC=domain,DC=win10server2016,DC=lan' -Credential 'DOMAIN\administrator' -Passthru -Verbose
Restart-Computer

#Create a new Organizational Unit on the server (Needs to be run on Windows Server 2016 with the Active Directory role installed and configured)

#If you preconfigure an alternative Organizational Unit on Windows Server 2016 then you can add your computers directly to that OU by specifying a -OUPath when running Add-Computer.

New-ADOrganizationalUnit -Name ServerAdmins -Description 'Administrator Rights' -DisplayName Producers -PassThru -Verbose

Enable Network Discovery In Windows 10 Without Using the netsh Command In PowerShell

#Enable Network Discovery In Windows 10 Without Using the netsh Command In PowerShell

#It is as simple as enabling  the pre-configured rule in Windows Firewall to enable Network Discovery in Windows 10 but using netsh is the old fashion way.

#Run just this one command in an elevated PowerShell prompt to enable Network Discovery

Get-NetFirewallRule -DisplayGroup 'Network Discovery'|Set-NetFirewallRule -Profile 'Private, Domain' -Enabled true -PassThru|select Name,DisplayName,Enabled,Profile|ft -a

#The Longer Story…

#Enabling the Network Discovery services it what makes the Network icon (formally My Network Places) work properly. These commands all work in both PowerShell and PowerShell Direct.

#Get Firewall rules for Network Discovery

#This command shows the individual rules and the network connection profiles that  are explicitly enabled and disabled for Network Discovery.

Get-NetFirewallRule -DisplayGroup 'Network Discovery'|select Name,DisplayName,Enabled,Profile|ft -a

#Enable Network Discovery for Private and Domain network profiles

#Enable the Network Discovery service for the Private and Domain network profiles by applying the preconfigured Windows Firewall group rule called Network Discovery by typing this:

Get-NetFirewallRule -DisplayGroup 'Network Discovery'|Set-NetFirewallRule -Profile 'Private, Domain' -Enabled true -PassThru|select Name,DisplayName,Enabled,Profile|ft -a

#â–²It will look like that in the GUI setup when Network Discovery is enabled.

#Set Network Connection Profile to Private.

Set-NetConnectionProfile -NetworkCategory Private -PassThru

#Disable Network Discovery for all network profiles

#Run this command to disable Network Discovery on all network profiles if you do not wish to keep the service available.

Get-NetFirewallRule -DisplayGroup 'Network Discovery'|Set-NetFirewallRule -Enabled false -PassThru|select Name,DisplayName,Enabled,Profile|ft -a

#â–²It will look like that in the GUI setup when Network Discovery is disabled.

Open Elevated PowerShell Prompt Here From Right-Click Context Menu Instead Of Command Prompt Here As Administrator In Windows 10

#Open Elevated PowerShell Prompt Here From Right-Click Context Menu Instead Of Command Prompt Here As Administrator In Windows 10

#Run these commands to enable an elevated Elevated PowerShell Prompt Here also known as PowerShell Here as Administrator when right clicking on a folder in Windows Explorer. These commands all work in both PowerShell and PowerShell Direct.

#Just the code:

New-Item Registry::HKEY_CLASSES_ROOT\Directory\shell\runas -Verbose -Force|ft -a
Get-Item Registry::HKEY_CLASSES_ROOT\Directory\shell\runas|Set-ItemProperty -Name '(default)' -Value 'Elevated PowerShell Prompt Here' -Verbose -PassThru|fl
Get-Item Registry::HKEY_CLASSES_ROOT\Directory\shell\runas|Set-ItemProperty -Name Icon -Value 'C:\\Windows\\System32\\imageres.dll,-78' -Verbose -PassThru|fl
New-Item Registry::HKEY_CLASSES_ROOT\Directory\shell\runas\command -Verbose -Force|ft -a
Get-Item Registry::HKEY_CLASSES_ROOT\Directory\shell\runas\command|Set-ItemProperty -Name '(default)' -Value '"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoExit cd "%1"' -Verbose -PassThru|fl

#The Long Story…

#HKCR: does not work in this example and you do not need to mount first. This method accesses the registry directly. Many instructions say to use New-PSDrive to mount HKCR: first and use that convention to access it to do many things but none of that is needed.

#Get-PSDrive will show you what is mounted.

Get-PSDrive

#â–²As you can see there is no HKCR:

#Moving on…

#If done properly launching Elevated PowerShell Prompt Here will trigger a UAC prompt. This is normal and good. Create all the keys and values by typing the following commands in order:

New-Item Registry::HKEY_CLASSES_ROOT\Directory\shell\runas -Verbose -Force|ft -a

Get-Item Registry::HKEY_CLASSES_ROOT\Directory\shell\runas|Set-ItemProperty -Name '(default)' -Value 'Elevated PowerShell Prompt Here' -Verbose -PassThru|fl

Get-Item Registry::HKEY_CLASSES_ROOT\Directory\shell\runas|Set-ItemProperty -Name Icon -Value 'C:\\Windows\\System32\\imageres.dll,-78' -Verbose -PassThru|fl

New-Item Registry::HKEY_CLASSES_ROOT\Directory\shell\runas\command -Verbose -Force|ft -a

Get-Item Registry::HKEY_CLASSES_ROOT\Directory\shell\runas\command|Set-ItemProperty -Name '(default)' -Value '"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoExit cd "%1"' -Verbose -PassThru|fl

#This works when right-clicking only on folders in Windows Explorer and not drives or drive letters.

#Create the User’s file folder (from the Desktop Experience feature) on the Desktop of all new and current users

#Run this to create the User’s file folder (from the Desktop Experience Feature) on the Desktop of all new and current users. After that you will always have a folder nearby to single right-click on to launch an Elevated PowerShell Prompt Here session.

# Since HKLM is mounted already I can use the short path to manipulate the registry entries.

Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel|Set-ItemProperty -Name '{59031a47-3f72-44a7-89c5-5595fe6b30ee}' -Value 0

user folder created with registry change using microsoft powershell should appear on your Desktop after using F5 to refresh or on log off /reboot. Use the commands above to right-click and launch an elevated PowerShell prompt starting with the selected folder as a starting point.

Enable Hyper-V Role In Windows 10 Professional, Enterprise And Education Vs. Android Emulators

#Enable The Hyper-V Role in Windows 10 Professional, Enterprise Or Education Using PowerShell

#If this is the first time, and if if this will be the only time enabling the Hyper-V role in Windows 10, then this PowerShell command is all you need. If you need to switch the Hyper-V services on/off to avoid interference with other hypervisors and without removing the Hyper-V role then download Hyper-V Switch.

#Enable Hyper-V Role Using PowerShell

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

#Disable Hyper-V Role Using PowerShell

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V

#The Long Story…

#Continue reading if you are having issues or are using a conflicting hypervisor or emulator and getting the dreaded Blue Screen of Death.

#Having Issues Enabling Hyper-V Role In Windows 10 Professional, Enterprise Or Education?

Check Requirements

  • Windows 10 Enterprise, Professional, or Education
  • 64-bit Processor with Second Level Address Translation (SLAT)
  • CPU support for VM Monitor Mode Extension (VT-c on Intel CPU’s)
  • Minimum of 4 GB memory

NOTE: The Hyper-V role cannot be installed on Windows 10 Home.

OK so beyond those requirements lies a different issue many are facing with the advent of Android based virtual machines and emulators.

BlueStacks Android Emulator and Andy Android Emulator both crash on load every time, when the Hyper-V role is active.  It looks like both used to work together before the Anniversary Edition update broke the support of Hyper-V and other emulators running at the same time. Here is the bulletin from BlueStacks regarding this issue.

I  want my computer to run everything and work right all the time, so I tried to install x86Android Android Emulator in Hyper-V as an alternative. Once I finally was able to get an older version to work; I found the touchscreen support / controls were unsuitable for my needs. The controls were pure garbage. I may revisit that scenario and try for a more complete configuration but BlueStacks Android Emulator is just so much more user friendly on every level. For now, I switch back and forth between a Hyper-V and a BlueStacks setup.

Here is what I found to switch Hyper-V on and off.  Previously, I was removing the Hyper-V role and adding it again when needed, but a caveat of doing that is the Hyper-V Virtual Switch Manager settings are lost in the process. The settings need to be recreated and reattached to each virtual machine, every time the role is reinstalled. You end up with a lot of orphaned network adapters.


!!!Hyper-V Switch To The Rescue!!!

Calm down. This utility doesn’t allow Hyper-V to run simultaneously with VMWare, VirtualBox or BlueStacks, but this great tool I found at least saves a reboot (it takes two reboots if you add and remove the Hyper-V role). Also, I don’t have to reconfigure Virtual Switch Manager every time I do it. This program automates a bcdedit process to disable Hyper-V without removing the Hyper-V role as part of the process.

Use Hyper-V Switch to toggle Hyper-V support on and off when using other emulators like VirtualBox or Andy Android Emulator to keep it fast and simple. I saved it to my Desktop and edited the executable file to Run as Administrator just to be sure it has the rights needed. You can also single right-click on the executable file or shortcut and then single left-click on Run as Administrator every time.

https://github.com/ygoe/HyperVSwitch – Download from GitHub

http://unclassified.software/apps/hypervswitch – Hyper-V Switch Website


#Enable The Hyper-V Role Using PowerShell manually or for the first time

#For the first and if the only time enabling the Hyper-V role then the command  below is all you need.

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

#Enable Hyper-V and all features.

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

#Type y and press Enter


#Disable The Hyper-V Role Using PowerShell

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V

#Disable Hyper-V and all features

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V#Type y and press Enter


Manually Enable Hyper-V From The GUI

Windows Key-R to bring up the Run box.

Type optionalfeatures.exe and single left-click OK to execute (just means to run) optionalfeatures.exe. This method actually allows for more control of the Hyper-V installation since you can deselect unneeded features. For example, some people may not have any need for the Hyper-V Module for Windows PowerShell module if they don’t use PowerShell  or PowerShell Direct to administer any virtual machines.

Single left-click to select the Hyper-V option. Single left-click the Plus sign to expand if you need to select or deselect any of the default features. I use all the Hyper-V features so PowerShell for this installation works just fine for me. The end goal is to avoid moving my mouse as much as possible.