Chapter 27. Setting up constrained remoting endpoints
The ability to create constrained endpoints has existed since PowerShell v2, but PowerShell v3 makes them easier to create and makes them an effective way to set up delegated administration capabilities within your environment. We’ll walk you through the complete process of creating and configuring these endpoints and give you some ideas for how you might use them in your own organization.
Figure 27.1 provides a quick overview of PowerShell’s Remoting architecture. You use the Web Services for Management (WS-MAN) protocol to communicate between computers (or even between two services on the same computer). WS-MAN uses either HTTP or HTTPS, with HTTP being the default. On the remote computer, the Windows Remote Management (WinRM) service receives the incoming WS-MAN traffic and routes it to one or more endpoints. When those endpoints connect to PowerShell, a session configuration determines the capabilities of that particular connection. The default session configurations created when you enable Remoting (by running Enable-PSRemoting) are basically unrestricted and may be used only by Administrators.
Note
For a more in-depth look at how Remoting works, we recommend Learn Windows PowerShell 3 in a Month of Lunches. You can also refer to Don’s free Secrets of PowerShell Remoting guide, which is available at http://PowerShellBooks.com.
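The session configurations described above can be listed and a constrained one registered with the cmdlets that ship with PowerShell v3. The following is an added example, not code from the book: the endpoint name HelpDesk, the file path, and the choice of visible cmdlets are assumptions made for illustration, and it must be run from an elevated console on the computer that will host the endpoint.

```powershell
# Added example. 'HelpDesk' and the .pssc path are hypothetical names.
$configName = 'HelpDesk'
$configPath = Join-Path $env:TEMP 'HelpDesk.pssc'

# 1. Audit what WinRM exposes today: each session configuration and who may
#    connect to it. The defaults list only administrators under Permission.
Get-PSSessionConfiguration |
    Select-Object Name, PSVersion, Permission |
    Format-Table -AutoSize -Wrap

# 2. Describe the constrained endpoint in a session configuration file.
#    RestrictedRemoteServer starts from a minimal command set, NoLanguage
#    blocks variables, operators, and script blocks with logic, and
#    VisibleCmdlets is the allow list of additional commands.
New-PSSessionConfigurationFile -Path $configPath `
    -SessionType RestrictedRemoteServer `
    -LanguageMode NoLanguage `
    -ModulesToImport Microsoft.PowerShell.Management `
    -VisibleCmdlets 'Get-Service', 'Restart-Service'

# 3. Validate the file before WinRM is asked to load it.
if (-not (Test-PSSessionConfigurationFile -Path $configPath)) {
    throw "Session configuration file $configPath failed validation."
}

# 4. Register the endpoint. -ShowSecurityDescriptorUI opens the permissions
#    dialog so the delegated group can be granted Execute (Invoke) access
#    without hand-writing SDDL. -Force suppresses the confirmation prompts
#    and restarts WinRM, which drops existing remote sessions.
Register-PSSessionConfiguration -Name $configName -Path $configPath `
    -ShowSecurityDescriptorUI -Force

# 5. Verify from the client side: connect to the new endpoint and list the
#    commands it exposes. Anything outside the allow list should be absent.
$session = New-PSSession -ComputerName localhost -ConfigurationName $configName
try {
    Invoke-Command -Session $session -ScriptBlock { Get-Command } |
        Select-Object -ExpandProperty Name
}
finally {
    Remove-PSSession -Session $session
}
```

Rerunning step 1 after registration shows the new endpoint next to the defaults, which makes the difference in the Permission column easy to review.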