2013-03-13

To remotely manage SharePoint 2010/2013 using PowerShell, perform the following steps.

On the client machine (the management server):

Enable-WSManCredSSP -Role Client -DelegateComputer * -Force
Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentials -Name WSMan -Value WSMAN/*
Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain -Name WSMan -Value WSMAN/*

On the SharePoint server:

Enable-PSRemoting -Force
Enable-WSManCredSSP -Role Server -Force

Afterwards it is possible to connect to the server using PowerShell from your management server, using the following cmdlet:

Enter-PSSession SPServer -Authentication CredSSP -Credential DOMAIN\username

Add the SharePoint PowerShell snap-in:

Add-PSSnapIn Microsoft.SharePoint.PowerShell

To see if it works, run a simple SharePoint cmdlet:

Get-SPSite
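
The client-side steps above use `-DelegateComputer *` and `WSMAN/*`, which allow the management machine to delegate fresh credentials to any host it connects to over WSMan. The following is an added example, not part of the original post: it audits the delegation targets in the two registry keys named above and, if a wildcard is found, re-scopes delegation to one SharePoint server. The host name `spserver01.contoso.local` and the function name `Get-CredSspDelegationTarget` are hypothetical. Run it elevated on the management machine.

```powershell
# Added example. Hypothetical host name: replace with your SharePoint server's FQDN.
$SharePointHost = 'spserver01.contoso.local'

# Registry keys taken from the client-side steps in this post.
$PolicyKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentials',
    'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain'
)

function Get-CredSspDelegationTarget {
    # Hypothetical helper: lists every delegation target and flags wildcards.
    param([string[]]$Path)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            [pscustomobject]@{
                Key      = $key
                Name     = $name
                Target   = $value
                Wildcard = $value.Contains('*')
            }
        }
    }
}

# 1. Audit: what is the client currently willing to delegate to?
$current = @(Get-CredSspDelegationTarget -Path $PolicyKeys)
$current | Format-Table -AutoSize
Get-WSManCredSSP

# 2. Re-scope: replace any wildcard entry with the single SharePoint host.
if ($current | Where-Object { $_.Wildcard }) {
    # Clear the existing client delegation so the wildcard entry is not left in place.
    Disable-WSManCredSSP -Role Client
    Enable-WSManCredSSP -Role Client -DelegateComputer $SharePointHost -Force
    foreach ($key in $PolicyKeys) {
        if (Test-Path -LiteralPath $key) {
            Set-ItemProperty -LiteralPath $key -Name WSMan -Value "WSMAN/$SharePointHost"
        }
    }
}

# 3. Verify: no wildcard targets should remain.
Get-CredSspDelegationTarget -Path $PolicyKeys | Where-Object { $_.Wildcard }
```

With delegation scoped this way, connect using the same name that was delegated, for example `Enter-PSSession $SharePointHost -Authentication CredSSP -Credential DOMAIN\username`.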


About the author 

Nico Martens

Leave a Reply

  1. Did you try to remove a user from a site? For me it doesn't work using import session:

    $SPCreds = Get-Credential
    $session = New-PSSession -ComputerName server1 -Authentication CredSSP -Credential $SPCreds
    Invoke-Command -Session $session -ScriptBlock {Add-PsSnapin Microsoft.SharePoint.PowerShell}
    Import-PSSession -Session $session -CommandName *-SPUser -Prefix Remote
    Remove-RemoteSPUser "userlogin" -Web https://site -Confirm:$false -EA SilentlyContinue

  2. Hi Mihail,

    I just got this to work (your exact script).

    2 things you need to keep in mind:

    1. Your user that you specified in $SPCreds must have GrantAccessToProcessIdentity on your web-application. To do this, run $wa = Get-SPWebApplication http://yoururl; $wa.GrantAccessToProcessIdentity("domain\youruser")

    If you don't have this, you will get “E_ACCESSDENIED” error.

    2. Make sure that if your SharePoint farm is set up using claims-based authentication, your “userlogin” must include the full claim. In my example this is: i:0#.w|domain\user.

    If you entered the userlogin without claimsvalue, you will get “You must specify a valid user object or user identity.”

    Please let me know if it still doesn’t work.

     

  3. Nico, thanks for your quick response.

    I’ve tried to set GrantAccessToProcessIdentity on SharePoint Server itself and run once again the script on remote server, I haven’t received any error as before but when I run Remove-RemoteSPUser “userlogin” -Web https://site without -SA and -confirm I receive: “Are you sure you want to perform this action” and if with -Whatif parameter then: What if: Performing operation “Remove-SPUser” on Target … so it means that it can find my user, but still after pressing yes user is still on the site and no errors and Get-RemoteSPUser “userlogin” -Web https://site returns the correct user object

  4. That’s strange. The only thing that I can think of is that the user you are trying to remove is a site collection administrator. But there should be an error appearing if you try this. What do you see in the ULS logs while performing these operations?

  5. But before these I get in the same PowerShell category “Server Out Of Memory.  There is no memory on the server to run your program. Please contact your administrator with this problem.<nativehr>0x8007000e</nativehr><nativestack></nativestack>” 🙂

  6. Hmm, that could cause some troubles I guess, but not sure on how to troubleshoot this. Btw, ignore my last comment, DNS doesn’t have to be set up correctly as you are using remote powershell, so it will run it on your sharepoint server 🙂

  7. Just tried that on a second web server in farm with same results: “Server Out Of Memory.  There is no memory on the server to run your program. Please contact your administrator with this problem.<nativehr>0x8007000e</nativehr><nativestack></nativestack>” but there is for sure enough RAM ~1.5GB, maybe there are some session restrictions, do you know?

  8. If your client machine is Windows 7 or Windows 8.1 or Windows 10 your Windows Remote Management service is not started, and also not set in Automatic Startup mode, so when you try to run scripts for client you will receive message similar to this:

    Enable-WSManCredSSP : <f:WSManFault xmlns:f=”http://schemas.microsoft.com/wbem/wsman/1/wsmanfault” Code=”2150858770″ Machine=”xxx”><f:Message>The client cannot connect to the destination specified in the request. Verify that the service on the
    destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination
    to analyze and configure the WinRM service: “winrm quickconfig”. </f:Message></f:WSManFault>
    At line:1 char:1
    + Enable-WSManCredSSP -Role Client -DelegateComputer * -Force
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (System.String[]:String[]) [Enable-WSManCredSSP], InvalidOperationException
        + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.EnableWSManCredSSPCommand

    To set Windows Remote Management Service just run the following cmdlets:

    Set-Service winrm -StartupType Automatic
    get-service winrm | Start-Service

    And everything will work perfectly :).

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

2 Free Ebooks: How to govern Microsoft teams 

Download your 2 free Microsoft Teams governance Ebooks and learn the steps necessary to create a bullet-proof governance strategy.