# POWERSHELL REMOTING

To enable PowerShell Remoting

```
Enable-PSRemoting
```

To connect to a remote computer where current user has local admin access

```
Enter-PSSession -ComputerName <COMPUTER NAME>
```

To store a session of a remote computer where current user has local admin access

```
$sess = New-PSSession -ComputerName <COMPUTER NAME>
```

Execute commands on remote machine via PSRemoting where our current user is local admin on the remote machine

```
Invoke-Command -ComputerName <COMPUTER NAME> -ScriptBlock {whoami}
```

Execute commands on remote machine via PSRemoting using a stored session where our current user is local admin on the remote machine

```
Invoke-Command -Session $sess -ScriptBlock {whoami}
```

To copy a file from local machine to remote server where current user has local admin access

```
Copy-Item -Path <PATH TO FILE> -Destination <DESTINATION PATH ON REMOTE> -ToSession $sess
```

To copy a file from remote machine where current user has local admin access

```
Copy-Item -Path <PATH TO FILE> -Destination <DESTINATION PATH ON LOCAL> -FromSession $sess
```

To load PowerShell scripts from local machine to the remote machine where our current user is local admin on the remote machine

```
Invoke-Command -Computername <COMPUTER NAME> -FilePath <LOCAL PATH FOR SCRIPT>
```

To load PowerShell scripts from local machine to the remote machine with local admin session of current user

```
Invoke-Command -Session $sess -FilePath <LOCAL PATH FOR SCRIPT>
```

To load a function from local PowerShell memory into remote machine where our current user has local admin access

```
Invoke-Command -Scriptblock ${function:<FUNCTION>} -Computername <COMPUTER NAME>
```

To load a function from local PowerShell memory into remote machine with local admin session of current user

```
Invoke-Command -Scriptblock ${function:<FUNCTION>} -Session $sess
```

If the remote machine prompts for authentication, store the credential of the current user, who is a local admin on the remote machine

```
$cred = Get-Credential -Credential <DOMAIN\USERNAME>
```

Pass the `$cred` variable with the `-Credential` parameter to the above commands
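
Every command above reaches the target through WinRM, so the target is where a defender can check who is allowed to connect and whether sessions were opened. The following is an added example, not part of the original page: the function name `Get-PSRemotingAudit` is hypothetical, and it assumes an elevated prompt on the machine being reviewed with the default WinRM and Windows PowerShell event logs present.

```powershell
# Added example (not from the original page). Run elevated on the host under review.
# Get-PSRemotingAudit is a hypothetical helper name.
function Get-PSRemotingAudit {
    param([int]$Days = 7)   # how far back to search the event logs

    $since   = (Get-Date).AddDays(-$Days)
    $winrmUp = (Get-Service -Name WinRM).Status -eq 'Running'

    $listeners = @()
    $endpoints = @()
    if ($winrmUp) {
        # Listeners created by Enable-PSRemoting (transport and address are in Keys)
        $listeners = @(Get-ChildItem WSMan:\localhost\Listener | Select-Object Name, Keys)

        # Which principals each remoting endpoint accepts; this is where the
        # "local admin" requirement used throughout this page is enforced
        $endpoints = @(Get-PSSessionConfiguration | Select-Object Name, Permission)
    }

    # Assumption: event 91 in the WinRM operational log records a WSMan shell
    # being created on this host for an inbound connection
    $shells = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-WinRM/Operational'
        Id        = 91
        StartTime = $since
    } -ErrorAction SilentlyContinue

    # Assumption: event 400 in the classic log with HostName=ServerRemoteHost
    # marks a PowerShell engine started to serve a remote session
    $engines = Get-WinEvent -FilterHashtable @{
        LogName   = 'Windows PowerShell'
        Id        = 400
        StartTime = $since
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'HostName=ServerRemoteHost' }

    [pscustomobject]@{
        WinRMRunning       = $winrmUp
        Listeners          = $listeners
        Endpoints          = $endpoints
        InboundShells      = @($shells  | Select-Object TimeCreated, Message)
        RemoteEngineStarts = @($engines | Select-Object TimeCreated, MachineName)
    }
}

# Review the last 14 days on this host
Get-PSRemotingAudit -Days 14 | Format-List
```

An endpoint whose `Permission` lists groups beyond those intended, or shell and engine events at times no administrator was working, are the findings to follow up on.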

