PowerShell Cmdlet Deep Dive: Invoke-WSManAction

Welcome back to Wahmans PowerShell Blog! Today, we’re diving into a powerful, yet often underutilized cmdlet: Invoke-WSManAction. This cmdlet is part of the PowerShell Remoting framework and allows you to invoke actions on WS-Management resources remotely. It’s particularly useful when working with systems that expose management capabilities via the WS-Man protocol such as Windows Remote Management (WinRM).

What does Invoke-WSManAction do?

According to the official Microsoft documentation:

Invokes an action on the object that is specified by the Resource URI and by the selectors.

This is a more advanced cmdlet that requires some understanding of WS-Man endpoints, resources, and actions. But don’t worry! By the end of this post, you’ll understand how it works and have four great examples from beginner to advanced usage.

Example 1: Restarting a remote computer using WinRM

This is one of the most straightforward use cases for Invoke-WSManAction.

Invoke-WSManAction -Action Restart -ResourceURI "http://schemas.microsoft.com/wbem/wsman/1/windows/Win32_OperatingSystem" -ComputerName "RemotePC01" -Credential (Get-Credential) -SelectorSet @{ Name = 'Microsoft:Win32_OperatingSystem=@' }

This command sends a restart signal to the remote computer RemotePC01 using WSMan. You’ll be prompted for credentials.

Example 2: Starting a remote service

Want to start a Windows service remotely via WSMan? Here’s how you do it.

Invoke-WSManAction -Action StartService -ResourceURI "http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Win32_Service" -ComputerName "RemotePC01" -Credential (Get-Credential) -SelectorSet @{ Name = "wuauserv" }

This command remotely starts the Windows Update service (wuauserv) on RemotePC01.

Example 3: Stopping a service using its WS-Man endpoint

Similar to starting a service, you can also stop one. This example expands your knowledge with a different action.

Invoke-WSManAction -Action StopService -ResourceURI "http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Win32_Service" -ComputerName "RemotePC01" -Credential (Get-Credential) -SelectorSet @{ Name = "Spooler" }

This will stop the Print Spooler service on the remote machine.

Example 4: Unlocking a BitLocker-protected drive remotely (advanced)

In this advanced real-world scenario, you can invoke a BitLocker unlock operation on a remote endpoint if you have the proper URI and configuration.

Invoke-WSManAction -Action Unlock -ResourceURI "http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Security/MicrosoftVolumeEncryption/Win32_EncryptableVolume" -ComputerName "SecurePC01" -SelectorSet @{ DeviceID = "C:" } -Credential (Get-Credential)

This example assumes that you have BitLocker APIs exposed via WSMan on the remote machine and that WSMan access is properly configured and secured.

Wrapping Up

The Invoke-WSManAction cmdlet is an incredibly powerful tool when working with remote management and WS-Management resources. It allows you to perform operations like restarting systems, managing services, and even interacting with advanced subsystems like BitLocker — all from the command line.

Thanks for reading!

Happy scripting, and I will see you in the next post!