How to Install Windows Software Remotely Using PowerShell and Chocolatey

2020 saw more people work from home than ever due to the worldwide health pandemic. But organizations were caught off guard and needed to quickly find ways to let employees work remotely and securely. Even organizations that had virtual private network (VPN) solutions already in place scrambled to scale them to handle a significantly higher load.

Then comes the problem of how to deploy and keep software up to date. Again, many larger organizations already have systems in place to manage this. Endpoint Manager is Microsoft’s solution for managing endpoints, regardless of where they are located. But its subscription model and complexity can put it out of reach for small businesses. If you want to use the latest version of PowerShell, you will need to install PowerShell 7 instead of using Windows PowerShell.

Using a package manager

Chocolatey is a command-line package manager for Windows. It is free and open source. Package managers let you deploy software from a repository using a few simple steps. For example, you can install popular Windows software from Chocolatey’s public repository using a simple command line.

There’s no need to manually download the software and then step through an installer wizard. Chocolatey automates the entire process from beginning to end. For more information on how to install software using Chocolatey, check out How to Install Windows Software Using Chocolatey on Petri.

Installing software remotely

The instructions I linked to above are fine if you have physical access to a device. But things get more complicated if you need to install software on remote PCs. PowerShell remoting provides a way to run commands, including Chocolatey, on remote devices. The catch is that you need to have network connectivity to the remote device. If you have a VPN setup, then that might not be an issue.

Enable PowerShell Remoting

PowerShell remoting isn’t enabled by default in Windows 10. Providing that the remote device is connected to a domain network, you can run the following command as a local administrator to enable remoting:

Enable-PSRemoting -Force

Install Chocolatey on remote devices

The first step is to install Chocolatey on the remote PC. The code below makes a connection to a remote computer by name (remotePC) using PowerShell remoting, downloads and runs the Chocolatey PowerShell install script (install.ps1), and then sets Chocolatey to ignore confirmation prompts (allowGlobalConfirmation) when installing packages.

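Invoke-Command -ComputerName remotePC -ScriptBlock {
    # Allow script execution for this process only, then download and run the Chocolatey install script
    Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

    # Skip confirmation prompts for later package installs
    choco feature enable -n allowGlobalConfirmation
}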
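
The install step above pipes a downloaded script straight into iex. As an added example (not code from the original article), the variant below saves install.ps1 to disk and runs it only if it carries a valid Authenticode signature from the expected publisher. The signer text and the temporary file name are assumptions; confirm the signer against a copy of the script you have checked yourself.

```powershell
# Added example: verify install.ps1 before running it on the remote PC.
$ExpectedSigner = 'Chocolatey Software'   # assumption: text expected in the signer certificate subject
$Computers      = 'remotePC'              # computer name used in the article

Invoke-Command -ComputerName $Computers -ArgumentList $ExpectedSigner -ScriptBlock {
    param($ExpectedSigner)

    # Windows PowerShell 5.1 may not negotiate TLS 1.2 unless it is enabled explicitly
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    # Save the script to disk so it can be checked before anything executes
    $script = Join-Path $env:TEMP 'choco-install.ps1'   # hypothetical file name
    Invoke-WebRequest -Uri 'https://chocolatey.org/install.ps1' -OutFile $script -UseBasicParsing -ErrorAction Stop

    # Require a valid Authenticode signature from the expected publisher
    $sig    = Get-AuthenticodeSignature -FilePath $script
    $signer = $sig.SignerCertificate.Subject   # $null when the file is unsigned
    if ($sig.Status -ne 'Valid' -or $signer -notlike "*$ExpectedSigner*") {
        Remove-Item -Path $script -Force
        throw "Refusing to run install.ps1 on $($env:COMPUTERNAME): status=$($sig.Status) signer=$signer"
    }

    # Record the hash so the same script version can be confirmed across machines
    $hash = (Get-FileHash -Path $script -Algorithm SHA256).Hash

    Set-ExecutionPolicy Bypass -Scope Process -Force
    & $script
    Remove-Item -Path $script -Force
    choco feature enable -n allowGlobalConfirmation

    # Returned to the caller; Invoke-Command adds PSComputerName to each result
    [pscustomobject]@{ Signer = $signer; SHA256 = $hash }
}
```

A tampered or truncated download fails the signature check, so the script block throws before any installer code runs.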

Providing that both your device and the remote PC are joined to the same Active Directory domain, you can authenticate using a domain account that has local administrator permissions on the remote device. A Kerberos token is passed to the remote device for authentication, so you don’t need to worry about using PowerShell remoting with HTTPS in this scenario.

Figure 1: How to Install Windows Software Remotely Using PowerShell and Chocolatey (Image Credit: Russell Smith)

Using Invoke-Command, you can specify more than one computer name as shown here:

Invoke-Command -ComputerName remotePC1,remotePC2,remotePC3 -ScriptBlock { choco feature enable -n allowGlobalConfirmation }

If you need to use alternative credentials to authenticate on the remote device, use Get-Credential to get the username and password interactively, and then add the -Credential parameter to Invoke-Command:

$Credential = Get-Credential
Invoke-Command -ComputerName remotePC -Credential $Credential -ScriptBlock { choco feature enable -n allowGlobalConfirmation }

Installing software remotely using Chocolatey

Once Chocolatey is installed on the remote device, you can use it to install and manage software. Using the code below, just wrap your choco install commands in a script block. Here I will install Visual Studio Code, Adobe Acrobat Reader, and Microsoft Teams on a remote device called remotePC.

Invoke-Command -ComputerName remotePC -ScriptBlock {
    choco install vscode
    choco install adobereader
    choco install microsoft-teams
}

Figure 2: How to Install Windows Software Remotely Using PowerShell and Chocolatey (Image Credit: Russell Smith)

But the real world is more complex…

Looks simple, right? Sure, in principle it could be this easy if you have the right infrastructure in place to provide network connectivity between your management workstation and the remote device(s) on which you want to manage software.

If you don’t have network connectivity, then all is not lost. You could use Microsoft Intune’s built-in software management capabilities. Or Intune and Chocolatey together. Alternatively, Chocolatey for Business (C4B) enables users to install software from a self-service portal without needing local administrator privileges.

Finally, if you intend to install software from Chocolatey’s public repository, bear in mind that while there are some limited security features to ensure that software in the repo is malware-free, using someone else’s public software repository might not be a good idea in enterprise environments. It’s better to create your own software packages and store them in a private repository.
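
One way to apply the private-repository advice over PowerShell remoting, as an added example that is not part of the original article: register an internal feed on each remote PC, disable the default community source, and confirm the result from Chocolatey's own configuration file before installing anything. The feed URL and the source name internal are hypothetical, and the example assumes the vscode package has been published to that feed.

```powershell
# Added example: point remote PCs at a private feed and confirm the public one is off.
$InternalFeed = 'https://packages.example.internal/chocolatey/'   # hypothetical feed URL
$Computers    = 'remotePC1', 'remotePC2', 'remotePC3'

$report = Invoke-Command -ComputerName $Computers -ArgumentList $InternalFeed -ScriptBlock {
    param($InternalFeed)

    # 'internal' is a hypothetical source name; 'chocolatey' is the default community source
    choco source add --name=internal "--source=$InternalFeed" --priority=1 | Out-Null
    choco source disable --name=chocolatey | Out-Null

    # Read the resulting state from Chocolatey's config file instead of trusting console output
    [xml]$config = Get-Content -Path (Join-Path $env:ChocolateyInstall 'config\chocolatey.config')
    $enabled = @($config.chocolatey.sources.source | Where-Object { $_.disabled -ne 'true' })

    [pscustomobject]@{
        EnabledSources = ($enabled | ForEach-Object { "$($_.id)=$($_.value)" }) -join '; '
        OnlyInternal   = ($enabled.Count -eq 1 -and $enabled[0].id -eq 'internal')
    }
}

# List any machine that can still pull from a source other than the internal feed
$report | Where-Object { -not $_.OnlyInternal } | Format-Table PSComputerName, EnabledSources

# Install only on machines that passed the check, and pin the source explicitly
$ok = @($report | Where-Object OnlyInternal).PSComputerName
if ($ok) {
    Invoke-Command -ComputerName $ok -ScriptBlock { choco install vscode --source=internal }
}
```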