
Installing software packages on remote machines in an ADS domain: how to pass credentials in PowerShell

Hey there! Let's walk through how to install software on remote AD domain-joined machines using PowerShell while properly passing admin credentials. I'll break this down into practical steps with code examples you can tweak for your needs.

Prerequisites

First, make sure these boxes are checked:

  • Remote machines have WinRM enabled (required for PowerShell remoting). You can enable it via Group Policy for domain-wide deployment, or run Enable-PSRemoting -Force locally on individual machines (needs admin rights).
  • The admin account you use has local admin privileges on the target remote machines (domain admins typically have this by default).
  • Your installation package is stored in a domain-accessible shared folder (e.g., \\yourdomain.com\SharedInstallers) so remote machines can reach it without extra file transfer steps.

PowerShell remoting with Invoke-Command is the cleanest, most secure way to run remote installations with credentials. We'll define a reusable script block for the install logic, pass it to remote machines, and authenticate with your admin credentials.

Full Example Code

# 1. Securely retrieve admin credentials (never hardcode these!)
$adminCred = Get-Credential -Message "Enter your AD domain admin credentials (format: DOMAIN\Username)"

# 2. List of remote computers to target (single or multiple machines)
$targetMachines = @("DESKTOP-ABC123", "LAPTOP-XYZ789", "SERVER01")

# 3. Define the installation logic as a script block
$installScript = {
    param(
        [string]$InstallerPath,
        [string]$LogFilePath
    )

    # Handle MSI installers (adjust arguments to match your software's silent install params)
    if ($InstallerPath -match "\.msi$") {
        $installProcess = Start-Process msiexec.exe -ArgumentList "/i `"$InstallerPath`" /qn /norestart /log `"$LogFilePath`"" -Wait -PassThru
    }
    # Handle EXE installers (replace with your EXE's specific silent flags)
    elseif ($InstallerPath -match "\.exe$") {
        $installProcess = Start-Process $InstallerPath -ArgumentList "/silent /install /log `"$LogFilePath`"" -Wait -PassThru
    }
    else {
        Write-Error "Unsupported installer type: $InstallerPath"
        exit 1
    }

    # Return clear success/failure details
    # (0 = success; 3010 = success but a reboot is required, which /norestart suppresses)
    if ($installProcess.ExitCode -in 0, 3010) {
        return "✅ Installation succeeded on $env:COMPUTERNAME. Exit code: $($installProcess.ExitCode)"
    }
    else {
        Write-Error "❌ Installation failed on $env:COMPUTERNAME. Exit code: $($installProcess.ExitCode). Check log at $LogFilePath"
        exit $installProcess.ExitCode
    }
}

# 4. Execute the remote installation across all target machines
foreach ($machine in $targetMachines) {
    Write-Host "`nStarting installation on $machine..." -ForegroundColor Cyan

    # Path to your installer in the domain share
    $installer = "\\yourdomain.com\SharedInstallers\YourSoftwareSetup.msi"
    # Path to save the install log on the remote machine; use $machine here,
    # because $env:COMPUTERNAME would expand to the local computer's name
    $logPath = "C:\Windows\Temp\YourSoftware_Install_$($machine).log"

    # try/catch sits inside the loop so one failed machine does not stop the rest;
    # -ErrorAction Stop turns remote errors into catchable terminating errors
    try {
        # Run the script block on the remote machine with credentials
        $installResult = Invoke-Command -ComputerName $machine -Credential $adminCred -ScriptBlock $installScript -ArgumentList $installer, $logPath -ErrorAction Stop

        Write-Host $installResult -ForegroundColor Green
    }
    catch {
        Write-Host "`n❌ Error on $machine : $_" -ForegroundColor Red
    }
}

Key Tips & Troubleshooting
  • Silent Install Params: Always use silent/quiet flags (like /qn for MSIs, /silent for EXEs) to avoid interactive prompts on remote machines—this is critical for unattended installs.
  • Log Files: Generating install logs helps debug failures later. We’re saving logs to C:\Windows\Temp since it’s a universally writable location for admins.
  • WinRM Issues: If you get "access denied" or "cannot connect" errors, verify:
    • The remote machine is on the domain and network-reachable.
    • WinRM is enabled and configured to allow domain connections.
    • Your admin account has permission to run remote commands (check with Get-PSSessionConfiguration on the remote machine).
  • Copy Installers Locally: If you can’t use a domain share, you can first copy the installer to the remote machine’s temp folder using Copy-Item -ToSession (create a PSSession first with New-PSSession -ComputerName $machine -Credential $adminCred).
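
The "Copy Installers Locally" tip written out as an added example (not code from the original page): it copies the installer over a PSSession, verifies its SHA-256 inside the session before running it, and cleans up afterwards. Copying through the session also means the remote machine never has to authenticate to a file share itself. The local path, computer name and file names are placeholder assumptions.

```powershell
# Added example. Assumptions: $localInstaller, $machine and the file names are placeholders.
$adminCred      = Get-Credential -Message "Enter admin credentials (DOMAIN\Username)"
$machine        = "SERVER01"
$localInstaller = "C:\Installers\YourSoftwareSetup.msi"
$remoteDir      = "C:\Windows\Temp"
$remoteMsi      = Join-Path $remoteDir (Split-Path $localInstaller -Leaf)
$remoteLog      = Join-Path $remoteDir "YourSoftware_Install_$($machine).log"

# Hash the installer before it leaves the admin workstation
$expectedHash = (Get-FileHash -Path $localInstaller -Algorithm SHA256).Hash

$session = New-PSSession -ComputerName $machine -Credential $adminCred -ErrorAction Stop
try {
    # Copy over the existing WinRM session; no share access from the remote side is needed
    Copy-Item -Path $localInstaller -Destination $remoteMsi -ToSession $session -Force -ErrorAction Stop

    $result = Invoke-Command -Session $session -ErrorAction Stop -ArgumentList $remoteMsi, $remoteLog, $expectedHash -ScriptBlock {
        param([string]$MsiPath, [string]$LogPath, [string]$ExpectedHash)

        # Refuse to install if the copied file does not match the source hash
        $actualHash = (Get-FileHash -Path $MsiPath -Algorithm SHA256).Hash
        if ($actualHash -ne $ExpectedHash) {
            Remove-Item -Path $MsiPath -Force
            throw "Hash mismatch for $MsiPath on $env:COMPUTERNAME; installer removed."
        }

        $proc = Start-Process msiexec.exe -Wait -PassThru -ArgumentList "/i `"$MsiPath`" /qn /norestart /log `"$LogPath`""
        Remove-Item -Path $MsiPath -Force   # do not leave the installer behind in Temp

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            ExitCode = $proc.ExitCode
            # 0 = success, 3010 = success but a reboot is required
            Success  = ($proc.ExitCode -in 0, 3010)
            Log      = $LogPath
        }
    }
    $result | Select-Object Computer, ExitCode, Success, Log
}
catch {
    Write-Host "Error on $machine : $_" -ForegroundColor Red
}
finally {
    # Always close the session so the credentialed connection does not linger
    Remove-PSSession -Session $session
}
```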

Alternative: Using PsExec (Legacy, But Useful for Some Scenarios)

If you prefer Sysinternals PsExec, you can run it from PowerShell with credentials too. Note that this isn’t PowerShell-native, but works for older systems:

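$adminCred = Get-Credential
$installer = "\\yourdomain.com\SharedInstallers\YourSoftware.exe"
# Extract the plaintext password once; PsExec takes it as a command-line argument
$plainPassword = $adminCred.GetNetworkCredential().Password

# $targetMachines is the list defined in the Invoke-Command example above
foreach ($machine in $targetMachines) {
    # Use the user name from the prompted credential instead of a hardcoded account
    .\PsExec.exe "\\$machine" -u $adminCred.UserName -p $plainPassword $installer /silent
}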

Note: This passes the plaintext password on the PsExec command line, which is less secure. Stick with Invoke-Command when possible.

The question in this content comes from Stack Exchange; question author: Raghavendra Nayaka
