SSH on Windows 10+ works on non-domain

doing updates on a network that doesn’t have a domain, yet. Want to physically touch each PC as little as possible due to requirements for masks, hairnets, jumpsuits, steel toes, hard hats etc. The plan is to use PsExec to get a cmd shell on each PC and setup SSH from there.

Install the Microsoft SysInternals package on a PC on the same subnet

Install the WakeMeOnLan software on your workstation PC, run it a few times during the day to collect MAC address information. We will use this after hours to wake up PCs that have gone to sleep.

Use psexec64 to connect to each PC

.\PsExec64.exe -i \$RemoteServer -h -u UserOnTargetPc -p SuperSecurePasswrd cmd

Install the OpenSSH service

dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0

this is not fast, assume 3min or more if bandwidth is low. and occasionally it asks if you want to restart the PC.

Set the shell that OpenSSH uses to Powershell as we can already use PsExec to get a cmd.exe shell.

reg add HKLM\SOFTWARE\OpenSSH /v DefaultShell /t REG_SZ /d “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe”

now we need to start the service, 2nd command sets it to auto-start

net start “OpenSSH SSH Server”

Set-Service -Name sshd -StartupType automatic (powershell)

OR

sc config sshd start=auto (cmd)

We can now use Putty or whatever to SSH. Notice the prompt includes PS for PowerShell

Looking at the SSHD service we can see that it takes about 3MB of RAM, when someone is actively using the service.

Lets compare that to TeamViewer with nobody using the service, which takes 15MB

the footprint of the running service is important to my situation as some of the tablets in use have only 4GB of RAM

more info here https://theitbros.com/ssh-into-windows/

Change the PCs Windows Product Key; as home versions can’t join a domain (tried this multiple times, never seems to work)

slmgr.vbs /ipk xxxx-xxxx-xxxx-xxxx-xxxx
slmgr.vbs /ato
slmgr.vbs /dli

Join to a domain using the following **problem, this asks for credentials**

add-computer –domainname “YourDomainName” -restart

sduncan