New-PSWorkflowSession

Creates a workflow session.

Syntax

New-PSWorkflowSession
   [[-ComputerName] <String[]>]
   [-Credential <Object>]
   [-Name <String[]>]
   [-Port <Int32>]
   [-UseSSL]
   [-ApplicationName <String>]
   [-ThrottleLimit <Int32>]
   [-SessionOption <PSSessionOption>]
   [-Authentication <AuthenticationMechanism>]
   [-CertificateThumbprint <String>]
   [-EnableNetworkAccess]
   [<CommonParameters>]

Description

The New-PSWorkflowSession cmdlet creates a user-managed session (PSSession) that is especially designed for running Windows PowerShell workflows. It uses the Microsoft.PowerShell.Workflow session configuration, which includes scripts, type and formatting files, and options that are required for workflows.

You can use New-PSWorkflowSession or its alias, nwsn.

You can also add workflow common parameters to this command. For more information about workflow common parameters, see about_WorkflowCommonParameters

This cmdlet was introduced in Windows PowerShell 3.0.

Examples

Example 1: Create a workflow session on a remote computer

This example creates the WorkflowTests session on the ServerNode01 remote computer.

$params = @{
    ComputerName = "ServerNode01"
    Name = "WorkflowTests"
    SessionOption = (New-PSSessionOption -OutputBufferingMode Drop)
}
New-PSWorkflowSession @params

The value of the SessionOption parameter is a New-PSSessionOption command that sets the output buffering mode in the session to Drop.

Example 2: Create workflow sessions on multiple remote computers

This example creates workflow sessions on the ServerNode01 and Server12 computers. The command uses the Credential parameter to run with the permissions of the domain administrator.

"ServerNode01", "Server12" |
    New-PSWorkflowSession -Name WorkflowSession -Credential Domain01\Admin01 -ThrottleLimit 150

The command uses the ThrottleLimit parameter to increase the per-command throttle limit to 150. This value takes precedence over the default throttle limit of 100 that is set in the Microsoft.PowerShell.Workflow session configuration.

Parameters

-ApplicationName

Specifies the application name segment of the connection URI.

The default value is the value of the $PSSessionApplicationName preference variable on the local computer. If this preference variable is not defined, the default value is WSMAN. This value is appropriate for most uses. For more information, see about_Preference_Variables.

The WinRM service uses the application name to select a listener to service the connection request. The value of this parameter should match the value of the URLPrefix property of a listener on the remote computer.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Authentication

Specifies the mechanism that is used to authenticate the user credentials. The acceptable values for this parameter are:

  • Default
  • Basic
  • Credssp
  • Digest
  • Kerberos
  • Negotiate
  • NegotiateWithImplicitCredential

The default value is Default.

CredSSP authentication is available only in Windows Vista, Windows Server 2008, and later versions of the Windows operating system.

For more information about the values of this parameter, see AuthenticationMechanism Enumeration.

Caution

Credential Security Service Provider (CredSSP) authentication, in which the user credentials are passed to a remote computer to be authenticated, is designed for commands that require authentication on more than one resource, such as accessing a remote network share. This mechanism increases the security risk of the remote operation. If the remote computer is compromised, the credentials that are passed to it can be used to control the network session.

Type:AuthenticationMechanism
Accepted values:Default, Basic, Negotiate, NegotiateWithImplicitCredential, Credssp, Digest, Kerberos
Position:Named
Default value:Default
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CertificateThumbprint

Specifies the digital public key certificate (X509) of a user account that has permission to perform this action. Enter the certificate thumbprint of the certificate.

Certificates are used in client certificate-based authentication. They can be mapped only to local user accounts; they do not work with domain accounts.

To get a certificate thumbprint, use the Get-Item cmdlet or the Get-ChildItem cmdlet in the Windows PowerShell Cert: drive.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ComputerName

Creates a persistent connection (PSSession) to the specified computer. If you enter multiple computer names, Windows PowerShell creates multiple PSSessions, one for each computer. The default is the local computer.

Type the NetBIOS name, an IP address, or a fully qualified domain name of one or more remote computers. To specify the local computer, type the computer name, localhost, or a dot (.). When the computer is in a different domain than the user, the fully qualified domain name is required. You can also pipe a computer name, in quotation marks to New-PSWorkflowSession.

To use an IP address in the value of the ComputerName parameter, the command must include the Credential parameter. Also, the computer must be configured for HTTPS transport or the IP address of the remote computer must be included in the WinRM TrustedHosts list on the local computer. For instructions for adding a computer name to the TrustedHosts list, see "How to Add a Computer to the Trusted Host List" in about_Remote_Troubleshooting.

Type:String[]
Aliases:Cn
Position:0
Default value:Local computer
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Credential

Specifies a user account that has permission to perform this action. The default is the current user. Type a user name, such as User01, Domain01\User01, or User@Domain.com, or enter a PSCredential object, such as one returned by the Get-Credential cmdlet.

When you type a user name, this cmdlet prompts you for a password.

Type:Object
Position:Named
Default value:Current user
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-EnableNetworkAccess

Indicates that this cmdlet adds an interactive security token to loopback sessions. The interactive token lets you run commands in the loopback session that get data from other computers. For example, you can run a command in the session that copies XML files from a remote computer to the local computer.

A loopback session is a PSSession that originates and ends on the same computer. To create a loopback session, do not specify the ComputerName parameter or set its value to dot (.), localhost, or the name of the local computer.

By default, loopback sessions are created that have a network token, which might not provide sufficient permission to authenticate to remote computers.

The EnableNetworkAccess parameter is effective only in loopback sessions. If you specify the EnableNetworkAccess parameter when you create a session on a remote computer, the command succeeds, but the parameter is ignored.

You can also allow remote access in a loopback session by using the CredSSP value of the Authentication parameter, which delegates the session credentials to other computers.

To protect the computer from malicious access, disconnected loopback sessions that have interactive tokens, those created by using the EnableNetworkAccess parameter, can be reconnected only from the computer on which the session was created. Disconnected sessions that use CredSSP authentication can be reconnected from other computers. For more information, see the Disconnect-PSSession cmdlet.

This parameter was introduced in Windows PowerShell 3.0.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifies a friendly name for the workflow session. You can use the name with other cmdlets, such as Get-PSSession and Enter-PSSession. The name is not required to be unique to the computer or the current session.

Type:String[]
Position:Named
Default value:Session#
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Port

Specifies the network port on the remote computer that is used for this connection. To connect to a remote computer, the remote computer must be listening on the port that the connection uses. The default ports are 5985 (WinRM port for HTTP) and 5986 (WinRM port for HTTPS).

Before using another port, you must configure the WinRM listener on the remote computer to listen at that port. Use the following commands to configure the listener:

winrm delete winrm/config/listener?Address=*+Transport=HTTP

winrm create winrm/config/listener?Address=*+Transport=HTTP @{Port="\<port-number\>"}

Do not use the Port parameter unless you must. The port setting in the command applies to all computers or sessions on which the command runs. An alternate port setting might prevent the command from running on all computers.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SessionOption

Specifies advanced options for the session. Enter a SessionOption object, such as one that you create by using the New-PSSessionOption cmdlet.

The default values for the options are determined by the value of the $PSSessionOption preference variable, if it is set. Otherwise, the default values are established by options set in the session configuration.

The session option values take precedence over default values for sessions set in the $PSSessionOption preference variable and in the session configuration. However, they do not take precedence over maximum values, quotas or limits set in the session configuration. For more information about session configurations, see about_Session_Configurations.

For a description of the session options, including the default values, see New-PSSessionOption. For information about the $PSSessionOption preference variable, see about_Preference_Variables.

Type:PSSessionOption
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ThrottleLimit

Specifies the maximum number of concurrent connections that can be established to run this command. If you omit this parameter or enter a value of 0 (zero), the default value for the Microsoft.PowerShellWorkflow session configuration, 100, is used.

The throttle limit applies only to the current command, not to the session or to the computer.

Type:Int32
Position:Named
Default value:100
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-UseSSL

Indicates that this cmdlet uses the Secure Sockets Layer (SSL) protocol to establish a connection to the remote computer. By default, SSL is not used.

WS-Management encrypts all Windows PowerShell content transmitted over the network. The UseSSL parameter is an additional protection that sends the data across an HTTPS connection instead of an HTTP connection.

If you specify this parameter, but SSL is not available on the port that is used for the command, the command fails.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

PSSession

You can pipe a session to this cmdlet.

String

You can pipe a computer name to this cmdlet.

Outputs

PSSession

Notes

Windows PowerShell includes the following aliases for New-PSWorkflowSession:

  • nwsn

A New-PSWorkflowSession command is equivalent to the following command:

New-PSSession -ConfigurationName Microsoft.PowerShell.Workflow