PowerShell remoting for Discovery
Summary of PowerShell Remoting for Discovery
The PowerShell remote execution framework in ServiceNow Discovery provides a unified, efficient, and stable method for probe developers to run PowerShell scripts on remote target devices. This framework simplifies remote execution by automatically handling script execution on targets, eliminating inconsistencies and the need for custom remote execution code.
Requirements
- The MID Server must have read and write access to the network share of the target device.
- Remote targets must run PowerShell version 3.0 through 5.1.
- For MID Servers using WinRM or WMI that copy scripts to the target, the MachinePolicy and UserPolicy execution policies must be set to Undefined. If scripts are executed without copying, other execution policies up to Restrictive are allowed.
Application Discovery
The framework supports copying scripts to the remote target, which is essential for certain probes (e.g., Windows — File discovery) where the script needs to invoke itself remotely to spawn new processes. Copying scripts helps avoid errors such as launchProcess failures on WMI-configured MID Servers caused by script length limits.
Note that copied scripts may trigger anti-virus alerts on the target device; to prevent disruptions, add these scripts to the anti-virus permitted list.
Probe Configuration
In probes like Windows — Active Connections (part of the Windows — ADM multiprobe), configuration options allow control over remote execution:
- Execute script remotely: When enabled, the script runs on the remote target; otherwise, it runs on the MID Server.
- Copy script to target: When checked (and if remote execution is enabled), the script is copied and then executed on the target. If unchecked, the script runs on the target without copying.
PowerShell Probe Development
The framework allows probe developers to write scripts as if running locally, without worrying about the complexities of remote execution. It seamlessly manages execution over both WMI and WinRM protocols:
- WMI-based MID Servers use launchProcess to run commands, which may cause complexity and occasional failures.
- WinRM-based MID Servers avoid launchProcess, resulting in more efficient and stable remote execution.
This unified approach enhances development consistency, improves discovery reliability, and supports flexible remote script execution configurations.
Probe developers can use the PowerShell remote execution framework to automatically handle remote execution of scripts on target devices. The unified framework removes inconsistencies in remote execution, increases efficiency, and improves stability.
Requirements
- The MID Server must be able to write to and read from the network share of the target.
- The remote target must have PowerShell 3 or higher (up to 5.1).
- For MID Servers using WinRM or WMI which choose to copy the script to the remote target, the MachinePolicy and UserPolicy scopes must be set to Undefined. If the script is not copied, the execution policy can be any other setting up to Restrictive.
See Set up MID Servers to use PowerShell for more information.
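A preflight check for the target-side requirements listed above, as an added example that is not ServiceNow code. The function name Test-DiscoveryTargetPrereq and its -CopyScriptToTarget switch are hypothetical, and the function is meant to be run locally on a target host before enabling a probe against it.

```powershell
# Added example, not part of the ServiceNow framework.
# Test-DiscoveryTargetPrereq is a hypothetical helper name.
function Test-DiscoveryTargetPrereq {
    [CmdletBinding()]
    param(
        # Set when the probe has "Copy script to target" checked.
        [switch]$CopyScriptToTarget
    )

    # Requirement: the remote target runs PowerShell 3.0 through 5.1.
    $version   = $PSVersionTable.PSVersion
    $versionOk = ($version -ge [version]'3.0') -and ($version -lt [version]'5.2')
    [pscustomobject]@{
        Check  = 'PowerShell version 3.0 through 5.1'
        Value  = $version.ToString()
        Passed = $versionOk
    }

    # Requirement: when the script is copied to the target, the
    # MachinePolicy and UserPolicy scopes must be Undefined.
    # When the script is not copied, the page allows other settings,
    # so the value is reported but does not fail the check.
    foreach ($scope in 'MachinePolicy', 'UserPolicy') {
        $policy = Get-ExecutionPolicy -Scope $scope
        [pscustomobject]@{
            Check  = "Execution policy scope $scope"
            Value  = $policy.ToString()
            Passed = (-not $CopyScriptToTarget) -or ($policy -eq 'Undefined')
        }
    }
}

# Report every requirement and list any that would block a copied script.
$report = Test-DiscoveryTargetPrereq -CopyScriptToTarget
$report | Format-Table -AutoSize
$failed = @($report | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    Write-Warning ("Unmet requirements: " + (($failed | ForEach-Object { $_.Check }) -join '; '))
}
```

A MachinePolicy or UserPolicy value other than Undefined means a Group Policy setting is in force, so the fix belongs in the GPO rather than on the individual host.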
Application discovery
The PowerShell remote execution framework has options for copying files to the remote target when executing a scan. Copying files to the target is important for probes like Windows — File discovery because its script invokes itself on the remote target to spawn off a new process. MID Servers using WMI to execute scripts remotely can experience an error with launchProcess if the script is too long. Copying the script to the remote target resolves this error. Copying a script to a remote target may result in anti-virus software on the target flagging the script. To avoid issues with anti-virus software, add the scripts to the permitted list in the anti-virus app.
Probe configuration
The following is the configuration page for the Windows — Active Connections probe, which is included in the Windows — ADM multiprobe.
The Execute script remotely check box is visible when the ECC queue topic is WMIRunner or PowerShell. When checked, the script executes on the remote target. Otherwise the script executes on the MID Server.
The Copy script to target check box is visible when Execute script remotely is checked. If Copy script to target is checked, then the script is copied to, and run on, the target. If Copy script to target is unchecked, then the script is executed on the target without copying it.
PowerShell probe development
The PowerShell remote execution framework is a unified method of executing PowerShell scripts, contained in a probe parameter, on a remote target server. The framework removes the need for probe developers to write their own remote execution code, which can cause inconsistencies between developers. The probe developer writes the script as if the probe were collecting information locally, because the remote execution framework automatically handles remote script execution.
The framework handles remote execution whether the MID Server is configured to use WMI or WinRM. If the MID Server is configured for WMI, the probe uses launchProcess to execute commands on the remote target. Using launchProcess complicates remote execution and can cause failures. However, a MID Server configured for WinRM does not use launchProcess, and so is more efficient and stable.