-->
Applies to: Windows 10, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2
TeamViewer Host is used for 24/7 access to remote computers, which makes it an ideal solution for uses such as remote monitoring, server maintenance, or connecting to a PC or Mac in the office or at home. Install TeamViewer Host on an unlimited number of computers and devices. As a licensed user, you have access to them all! How about installing a program on a remote computer? That's a bit more complicated and depend on the install package. If it's an MSI package or a package that has a silent option, PowerShell should be able to take care of it. If the install package is already on the remote computer. Download this app from Microsoft Store for Windows 10, Windows 8.1, Windows 10 Mobile, Windows Phone 8.1, Windows 10 Team (Surface Hub), HoloLens. See screenshots, read the latest customer reviews, and compare ratings for Microsoft Remote Desktop.
Microsoft Remote Desktop clients let you use and control a remote PC. With a Remote Desktop client, you can do all the things with a remote PC that you can do with a physical PC, such as:
- Use apps installed on the remote PC.
- Access files and network resources on the remote PC.
- Leave the apps open when you turn off the client.
You can also use a Remote Desktop client to access your remote PC from almost any device. There are even clients for mobile smartphones! Here's a list of the latest versions of the client apps and where you can download them:
Client | Get the app | Documentation | Latest version |
---|---|---|---|
Windows Desktop | Windows Desktop client | Get started, What's new | 1.2.2061 |
Microsoft Store | Windows 10 client in the Microsoft Store | Get started, What's new | 1.2.1810 |
Android | Android client in Google Play | Get started, What's new | 10.0.10 |
iOS | iOS client in the App Store | Get started, What's new | 10.2.5 |
macOS | macOS client in the App Store | Get started, What's new | 10.6.5 |
- Download this app from Microsoft Store for Windows 10, Windows 8.1, Windows 10 Mobile, Windows Phone 8.1, Windows 10 Team (Surface Hub), HoloLens. See screenshots, read the latest customer reviews, and compare ratings for Microsoft Remote Desktop.
- Remote Server Administration Tools cannot be installed on Windows RT, computers with an Advanced RISC Machine (ARM) architecture, or other system-on-chip devices. Remote Server Administration Tools for Windows 10 runs on both x86- and x64-based editions of the full release of Windows 10, Professional, Enterprise or Education editions.
Before you start using the client of your choice, there are a few things you'll need to do first.
Configure your remote PC
Just as you would with a local computer, you'll need to configure your remote computer before you start accessing it with the client.
To configure your remote PC:
- Check the supported configuration article to make sure your local PC is compatible with the Remote Desktop client.
- Follow the instructions in Allow access to your PC to set up your remote PC and give you the necessary permissions to access the remote PC with the client.
Remote Desktop client Uniform Resource Identifier (URI) scheme
You can also use features of Remote Desktop clients across platforms by enabling a Uniform Resource Identifier (URI) scheme. The Supported URI attributes article will tell you about URIs you can use with the iOS, Mac, and Android clients.
Other resources
If you have any other questions that this article didn't answer, check out the Remote Desktop client FAQ.
I previously covered how to silently install a MSI. The next thing an administrator wants to do is install it on a remote system. That is the logical next step. This isn't always the easiest task for someone new to PowerShell.
- Installing from a remote location
- Pre-copy using PSSession (PS 5.0)
- Don't use CredSSP
- Other approaches to consider
- Install with Package Management
To keep these samples cleaner, I am going to use an imaginary installer that is not an MSI but the approach is the same. The main way to execute remote commands is with PowerShell remoting using the Enter-PSSession
or Invoke-Command
cmdlets. I am assuming that you already have PSRemoting working in your environment. If you need help with that, consult the Secrets of PowerShell Remoting ebook.
I am also using Invoke-Command
in all my examples because that is what you would use in your scripts.
If you already have the file on the remote system, we can run it with Invoke-Command
.
There are two important details to be aware of right away.
The first detail is that you need to maintain a remote session while the installer is running. If the installer does not block execution (it returns control back to the shell while it executes), your script may finish before the installer finishes. This will cancel the install as it closes the remote session.
You will need to call Start-Process -Wait
if you are having that issue.
This brings us to our second important detail. The install needs to be truly silent. Remote sessions are non-interactive. That means that they cannot popup or show windows. This will either cause the program to fail because it cannot show the window or it will cause the installer to hang because it expects someone to click a button that you have no way to click.
Most of the time if you are running installers on a remote system, you have the installer on a network share (UNC path). At first glance, this looks like it should work:
This can be the source of a lot of headaches. Ideally you want to run the installer from a UNC path, but you discover that it does not work.
Trying to copy the file inside the remote command give you the same problem.
Everything tells you that the file either does not exist or you have no permissions to the file. This is kind of a false message because it does exist and you have file access rights. The issue is that your remote session does not have those same rights.
The double hop problem
This is the double hop problem. The credential used to authenticate with server01
cannot be used by server01
to authenticate to fileserver
. Or any other network resources for that matter. That second hop is anything that requires authentication that is not on the first remote system.
We can either pre-copy the file or re-authenticate on the remote end.
I will use these place holder variables in the rest of the examples.
Pre-copy file using administrator share
The obvious first approach is to use the administrator share of the remote system to push content to a location we can access. Here I place it in the windows temp folder then remotely execute it.
Pre-copy using PSSession (PS 5.0)
There is a new feature added in Powershell 5.0 that allows you to copy files using a PSSession. So create a PSSession and copy the file over it using the syntax below. A cool thing about this approach is that with Powershell 5.0, you can create a PSSession to a guest VM over the VM buss (instead of over the network) and you can still copy a file to it.
While you can run Invoke-Command
on multiple computers at once, be aware that Copy-Item -ToSession
only works on a single session.
PowerCLI Copy-VMGuest
Remote Installation Near Me
You can use PowerCli to copy files to a vSphere guest with the Copy-VMGuest CmdLet.
Re-authenticate from the session
It actually is easy to re-authenticate in the remote session. Create a credential object and pass it into your Invoke-Command
. Then use that credential to create a New-PSDrive
. Even if you don't use that new drive mapping, it will establish authentication for your UNC path to work.
I used two tricks in that example that I need to point out if you have not seen them before. The first is splatting where I place arguments into a hashtable and use the @
operator to pass them to the CmdLet. The second is the $using:
scope to get a variable from my local session into that remote scriptblock. I combine both of them when I execute this command New-PSDrive @using:psdrive
.
I can't talk about the double hop problem without mentioning CredSSP. The most common solution you will find on-line if you Google the double hop problem is to enable CredSSP. Even Jeffery Snover has an old article recommending it. The general community has moved away from that as a solution because it puts your environment at risk. The issue with CredSSP is that your administrator credential gets cached on the remote system in a way that gives attackers easy access to it.
For more details see this great write up: Accidental Sabotage: Beware of CredSSP
Resource-based Kerberos constrained delegation
But there is a better solution called Resource-based Kerberos constrained delegation. constrained delegation in Server 2012 introduces the concept of controlling delegation of service tickets using a security descriptor rather than an allow list of SPNs. This change simplifies delegation by enabling the resource to determine which security principals are allowed to request tickets on behalf of another user. See PowerShell Remoting Kerberos Double Hop Solved Securely for the details.
Here is a quick snip of code showing how it works.
That covers the most common approaches that administrators take to solving this problem. I do have a few more ideas for you to take into consideration. These approaches are outside the scope of this post to go into the implementation details, but I wanted you to be aware of them.
Desired State Configuration
You can use DSC to deploy and install your software. The easy stuff in DSC is very easy and you would learn a lot going down this path. You will need a pull server (that is easy to set up) for this one.
Deciding how to get the installer to the target system is the hard part with DSC. If you set up certificates, then you can provide credentials to a file share for straight file copy. Or you can create a custom DSC Resource and place the files in it. The target system would download it from the pull server like it would other resources.
You can combine it with one of these next ideas.
Web download
You can pull the file off of an external or internal webserver before you install it. Huawei ce0682 unlock software download.
Install with Package Management
Install Remote App
Windows has introduced pakage management into Windows that can be used to install packages from online repositories.
Install with Chocholatey
Or you could use the Chocholatey.org package manager. The Microsoft package manager supports Chocholatey as a source but I have found the occasional installer that needs to be ran with choco install
instead.
Internal repository
You can set up a nuget repository and use the new package management commands to deploy applications. If you have an internal dev team, this is something they may have already set up.
The first half of this post answers the immediate question as to why you may be struggling to get software to install remotely.
There are two important details to be aware of right away.
The first detail is that you need to maintain a remote session while the installer is running. If the installer does not block execution (it returns control back to the shell while it executes), your script may finish before the installer finishes. This will cancel the install as it closes the remote session.
You will need to call Start-Process -Wait
if you are having that issue.
This brings us to our second important detail. The install needs to be truly silent. Remote sessions are non-interactive. That means that they cannot popup or show windows. This will either cause the program to fail because it cannot show the window or it will cause the installer to hang because it expects someone to click a button that you have no way to click.
Most of the time if you are running installers on a remote system, you have the installer on a network share (UNC path). At first glance, this looks like it should work:
This can be the source of a lot of headaches. Ideally you want to run the installer from a UNC path, but you discover that it does not work.
Trying to copy the file inside the remote command give you the same problem.
Everything tells you that the file either does not exist or you have no permissions to the file. This is kind of a false message because it does exist and you have file access rights. The issue is that your remote session does not have those same rights.
The double hop problem
This is the double hop problem. The credential used to authenticate with server01
cannot be used by server01
to authenticate to fileserver
. Or any other network resources for that matter. That second hop is anything that requires authentication that is not on the first remote system.
We can either pre-copy the file or re-authenticate on the remote end.
I will use these place holder variables in the rest of the examples.
Pre-copy file using administrator share
The obvious first approach is to use the administrator share of the remote system to push content to a location we can access. Here I place it in the windows temp folder then remotely execute it.
Pre-copy using PSSession (PS 5.0)
There is a new feature added in Powershell 5.0 that allows you to copy files using a PSSession. So create a PSSession and copy the file over it using the syntax below. A cool thing about this approach is that with Powershell 5.0, you can create a PSSession to a guest VM over the VM buss (instead of over the network) and you can still copy a file to it.
While you can run Invoke-Command
on multiple computers at once, be aware that Copy-Item -ToSession
only works on a single session.
PowerCLI Copy-VMGuest
Remote Installation Near Me
You can use PowerCli to copy files to a vSphere guest with the Copy-VMGuest CmdLet.
Re-authenticate from the session
It actually is easy to re-authenticate in the remote session. Create a credential object and pass it into your Invoke-Command
. Then use that credential to create a New-PSDrive
. Even if you don't use that new drive mapping, it will establish authentication for your UNC path to work.
I used two tricks in that example that I need to point out if you have not seen them before. The first is splatting where I place arguments into a hashtable and use the @
operator to pass them to the CmdLet. The second is the $using:
scope to get a variable from my local session into that remote scriptblock. I combine both of them when I execute this command New-PSDrive @using:psdrive
.
I can't talk about the double hop problem without mentioning CredSSP. The most common solution you will find on-line if you Google the double hop problem is to enable CredSSP. Even Jeffery Snover has an old article recommending it. The general community has moved away from that as a solution because it puts your environment at risk. The issue with CredSSP is that your administrator credential gets cached on the remote system in a way that gives attackers easy access to it.
For more details see this great write up: Accidental Sabotage: Beware of CredSSP
Resource-based Kerberos constrained delegation
But there is a better solution called Resource-based Kerberos constrained delegation. constrained delegation in Server 2012 introduces the concept of controlling delegation of service tickets using a security descriptor rather than an allow list of SPNs. This change simplifies delegation by enabling the resource to determine which security principals are allowed to request tickets on behalf of another user. See PowerShell Remoting Kerberos Double Hop Solved Securely for the details.
Here is a quick snip of code showing how it works.
That covers the most common approaches that administrators take to solving this problem. I do have a few more ideas for you to take into consideration. These approaches are outside the scope of this post to go into the implementation details, but I wanted you to be aware of them.
Desired State Configuration
You can use DSC to deploy and install your software. The easy stuff in DSC is very easy and you would learn a lot going down this path. You will need a pull server (that is easy to set up) for this one.
Deciding how to get the installer to the target system is the hard part with DSC. If you set up certificates, then you can provide credentials to a file share for straight file copy. Or you can create a custom DSC Resource and place the files in it. The target system would download it from the pull server like it would other resources.
You can combine it with one of these next ideas.
Web download
You can pull the file off of an external or internal webserver before you install it. Huawei ce0682 unlock software download.
Install with Package Management
Install Remote App
Windows has introduced pakage management into Windows that can be used to install packages from online repositories.
Install with Chocholatey
Or you could use the Chocholatey.org package manager. The Microsoft package manager supports Chocholatey as a source but I have found the occasional installer that needs to be ran with choco install
instead.
Internal repository
You can set up a nuget repository and use the new package management commands to deploy applications. If you have an internal dev team, this is something they may have already set up.
The first half of this post answers the immediate question as to why you may be struggling to get software to install remotely.
If your question was 'how should I be installing software?' then your focus should shift to package management. It is still new to the Windows ecosystem, but this is the direction that Windows is headed.
Remote Install Ps4
You have plenty of options to choose from. Pick what works best for your current situation.