With PowerShell V2 you've got two approachs for remote commands.

使用 PowerShell V2，您有两种远程命令方法。

Commands with built-in remoting :

具有内置远程处理的命令：

A small set of commands in PowerShell v2 have a -ComputerNameparameter, which allows you to specify the target machine to access.

PowerShell v2 中的一小组命令有一个-ComputerName参数，它允许您指定要访问的目标机器。

Get-Process
Get-Service
Set-Service

Clear-EventLog
Get-Counter
Get-EventLog
Show-EventLog
Limit-EventLog
New-EventLog
Remove-EventLog
Write-EventLog

Restart-Computer
Stop-Computer

Get-HotFix

These commands do their own remoting either because the underlying infrastructure already supports remoting or they address scenarios that are of particular importance to system management. They are built on the top of DCOM and, on the access point of view, you can use them when you can establish a session with the remote machine with commands like NET.exeor PSExec.exe.

这些命令执行自己的远程处理，因为底层基础架构已经支持远程处理，或者它们解决了对系统管理特别重要的场景。它们构建在 DCOM 的顶部，从访问的角度来看，当您可以使用诸如NET.exe或 之类的命令与远程计算机建立会话时，可以使用它们PSExec.exe。

You are trying to use one of them and you've got a problem with credentials (-credparameter), because your token credentials can't be used to establish an admin session to the remote machine.

您正在尝试使用其中之一，但凭证（-cred参数）出现问题，因为您的令牌凭证不能用于建立与远程计算机的管理会话。

The PowerShell remoting subsystem :

PowerShell 远程处理子系统：

Before you can use PowerShell remoting to access a remote computer, the remoting service on that computer has to be explicitly enabled. You do so using the Enable-PSRemotingcmdlet. If you are working in workgroup you also need to enable the server to enter on your client computer with this command (on your client computer as administrator):

在您可以使用 PowerShell 远程处理访问远程计算机之前，必须明确启用该计算机上的远程处理服务。您可以使用Enable-PSRemotingcmdlet执行此操作。如果您在工作组中工作，您还需要使用此命令启用服务器以在您的客户端计算机上输入（在您的客户端计算机上以管理员身份）：

Set-Item WSMan:\localhost\Client\TrustedHosts *

Then, you will use New-PSSessionCmdlet (with -computernameand -credentials) to create a session object. Then Invoke-Command(with -sessionand -scriptblock) cmdlet allows you to remotely invoke a scriptblock on another computer. This is the base element for most of the features in remoting. You can also use Enter-PSSession to establish an interactive (SSL like) PowerShell command line with the server.

然后，您将使用New-PSSessionCmdlet（带有-computername和-credentials）来创建会话对象。然后Invoke-Command（使用-session和-scriptblock）cmdlet 允许您远程调用另一台计算机上的脚本块。这是远程处理中大多数功能的基本元素。您还可以使用 Enter-PSSession 与服务器建立交互式（类似于 SSL）的 PowerShell 命令行。

Useful link : Layman's guide to PowerShell 2.0 remoting

有用的链接：PowerShell 2.0 远程处理的外行指南

Test this :

测试这个：

$sess = New-PSSession -ComputerName myServer-Credential (Get-Credential)
Invoke-Command -Session $sess -ScriptBlock {get-service}
...
Remove-PSSession -Session $sess

If it is still important, here is my workaround:

如果它仍然很重要，这是我的解决方法：

I got an unprivileged user called 'usser' who wants powershell(v2) remoting from client A to server B.

我有一个叫“usser”的非特权用户，他想要从客户端 A 到服务器 B 的 powershell(v2) 远程处理。

Steps:

脚步：

1. enable-psremotingon Targetserver B as admin
2. Set-PSSessionConfiguration -Name Microsoft.PowerShell -ShowSecurityDescriptorUIon Targetserver B as admin
3. Add "usser" with full privileges

1. 以管理员身份在 Targetserver B 上启用 psremoting
2. 以管理员身份在 Targetserver B 上设置-PSSessionConfiguration -Name Microsoft.PowerShell -ShowSecurityDescriptorUI
3. 添加具有完全权限的“用户”

Now comes the exciting part:

现在是令人兴奋的部分：

1. sc sdshow scmanageron Targetserver B as admin
2. Copy the SDDL output
3. sc sdset scmanager (f.e.:)"D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)" , in the Output you have to fill after this part (A;;CCLCRPWPRC;;;SY)this = (A;;KA;;;SID)
4. SIDstands of course for the SID of the unprivileged "usser"-user

5. when everything should be fine, it will similiar looks like this :

   D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;S-1-5-21-4233383628-1788409597-1873130553-1161)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

4. 以管理员身份在 Targetserver B 上执行sc sdshowscmanager
5. 复制 SDDL 输出
6. sc sdset scmanager (fe:)"D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY) (A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)" ，在输出中你必须在这部分之后填写(A;; CCLCRPWPRC;;;SY)这 = (A;;KA;;; SID)
7. SID当然代表无特权的“用户”用户的SID

8. 当一切正常时，它会看起来像这样：

   D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;; S-1-5-21-4233383628-1788409597-1873130553-1161)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

Hope you will enjoy that little but complicated workaround.

希望你会喜欢这个小而复杂的解决方法。

Building on @scusi marcus's brilliant answer here:

以@scusi marcus 的精彩回答为基础：

Let's say I have an unprivileged/limited user called 'user1' who wants powershell(v2+) remoting from client machine A to targetserver B.

假设我有一个名为“user1”的非特权/受限用户，他希望 powershell(v2+) 从客户端机器 A 远程连接到目标服务器 B。

Steps:

脚步：

1. From elevated powershell prompt on targetserver B, run enable-psremoting. Accept several Y/N dialog confirmations or else run with -forceswitch.
2. In same elevated prompt as step 1, Set-PSSessionConfiguration -Name Microsoft.PowerShell -ShowSecurityDescriptorUI
3. In the resulting dialog, add "user1". Readprivileges should be sufficient unless you are planning on remotely manipulating services, in which case you will want Full Control.
4. On targetserver B, from an elevated (non-powershell) prompt or as an administrator, run sc sdshow scmanager. Copy the SDDL output. May look something like this: D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

1. 从目标服务器 B 上提升的 powershell 提示符，运行enable-psremoting. 接受多个 Y/N 对话框确认，或者使用-forceswitch运行。
2. 在与步骤 1 相同的提升提示中，Set-PSSessionConfiguration -Name Microsoft.PowerShell -ShowSecurityDescriptorUI
3. 在结果对话框中，添加“user1”。除非您计划远程操作服务，否则读取权限应该足够了，在这种情况下您需要完全控制。
4. 在目标服务器 B 上，从提升的（非 powershell）提示或以管理员身份运行sc sdshow scmanager. 复制 SDDL 输出。可能看起来像这样：D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

UPDATE: If we add the limited user to the target computer's Remote Management Users group, we can add (A;;LCRPWPDTLO;;;RM)to the D:portion of the above SDDL string, and skip steps 5 and 6 below.

更新：如果我们将受限用户添加到目标计算机的远程管理用户组，我们可以添加(A;;LCRPWPDTLO;;;RM)到D:上述 SDDL 字符串的部分，并跳过下面的第 5 步和第 6 步。

1. Determine the SID of the underprivileged user account (in our case, "user1"). (Hint: try wmic useraccount where name='user1' get sid)
2. Insert the following text into the output we copied in step 5: (A;;KA;;;*SID*)where *SID* is the SID of the user determined in step 5. Insert it somewhere in a place before the S:part of the SDDL string retrieved in step 4. So now you should have a string looking something like this: D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;S-1-5-21-4233383628-1788409597-1873130553-1161)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
3. On targetserver B, run sc sdset scmanagerfollowed by our new modified SDDL string. So the entire command would look something like this: sc sdset scmanager D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;S-1-5-21-4233383628-1788409597-1873130553-1161)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

5. 确定弱势用户帐户的 SID（在我们的例子中为“user1”）。（提示：试试wmic useraccount where name='user1' get sid）
6. 将以下文本插入到我们在第 5 步中复制的输出中：(A;;KA;;;*SID*)其中 *SID* 是在第 5 步中确定的用户的 SID。将其插入到S:第 4 步中检索到的 SDDL 字符串部分之前的某个位置。所以现在您应该有一个看起来像这样的字符串：D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;S-1-5-21-4233383628-1788409597-1873130553-1161)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
7. 在目标服务器 B 上，运行sc sdset scmanager后跟我们新修改的 SDDL 字符串。所以整个命令看起来像这样： sc sdset scmanager D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;S-1-5-21-4233383628-1788409597-1873130553-1161)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

You should now be able to remotely access the Service Control Manager on the remote server while logged into client machine A as "user1".

您现在应该能够在以“user1”身份登录到客户端计算机 A 时远程访问远程服务器上的服务控制管理器。

On client machine A, you may find that when you run Get-Service –ComputerName remoteservernot all services are listed. You may need to repeat the above process (starting at step 4) for a specific service that you need remote access to, but which is not listed in your Get-Serviceoutput on client machine A. For instance, if the sqlserveragentservice is not listed (but you know it is present on the targetserver), you would again log in to targetserver B and execute sc sdshowbut this time not for scmanagerbut for the sqlserveragentservice, so sc sdshow sqlserveragent. You would again receive some SDDL output that would need to be manipulated as above. At this point, it may be worth learning more about SDDL (Google it - this linkwas helpful for me), with the main caveatto watch for the D:and S:portions of the SDDL string and make sure you aren't messing with the S:part.

在客户端机器 A 上，您可能会发现运行时Get-Service –ComputerName remoteserver并未列出所有服务。您可能需要为需要远程访问但未Get-Service在客户端计算机 A 上的输出中列出的特定服务重复上述过程（从第 4 步开始）。例如，如果未列出sqlserveragent服务（但您知道它存在于目标服务器上），您将再次登录到目标服务器 B 并执行，sc sdshow但这次不是针对scmanager而是针对sqlserveragent服务，因此sc sdshow sqlserveragent. 您将再次收到一些需要按上述方式操作的 SDDL 输出。在这一点上，可能值得更多地了解 SDDL（谷歌它 - 这个链接对我有帮助），主要警告是要注意SDDL 字符串的D:和S:部分，并确保您没有弄乱该S:部分。

Viewing and manipulating services requires administrative privileges on the target machine.

查看和操作服务需要目标机器上的管理权限。

I was able to duplicate your error message by attempting to run Get-Service -ComputerName MyServerwhile logged in as a user account that doesn't have administrative rights to the server in question.

我能够通过尝试Get-Service -ComputerName MyServer在以没有相关服务器管理权限的用户帐户登录时运行来复制您的错误消息。

You can resolve this by either granting the workstation user account administrative privileges on the target server or by creating a a local group on the server and granting invocation privileges to members of that group. If you want to do the latter, see the following article.

您可以通过在目标服务器上授予工作站用户帐户管理权限或通过在服务器上创建本地组并向该组成员授予调用权限来解决此问题。如果你想做后者，请看下面的文章。

msgoodies: Using a PS Session without having Administrative Permissions

msgoodies：在没有管理权限的情况下使用 PS 会话

I know that this isn't the ideal answer to this question, but I was having a similar issue trying to use PowerShell to talk to a Windows 7 box. Turns out, WMI hadn't been installed with the native PSv2 that comes with Win7.

我知道这不是这个问题的理想答案，但我在尝试使用 PowerShell 与 Windows 7 机器对话时遇到了类似的问题。原来，WMI 没有安装在 Win7 自带的本机 PSv2 中。

As soon as I installed v3 as part of the WMI 3.0 package, the problem solved itself. I'd suggest making sure that all the relevant WMI services are running on your server. Unless you have conflicts, I'd also recommend upgrading to WMI 3.0.

一旦我将 v3 作为 WMI 3.0 软件包的一部分安装，问题就自行解决了。我建议确保所有相关的 WMI 服务都在您的服务器上运行。除非您有冲突，否则我还建议升级到 WMI 3.0。