A simple PowerShell WinRM-HTTPS setup
# Step 1: take WinRM over plain HTTP out of service before HTTPS is configured.
Write-Output "Disabling WinRM over HTTP..."

# Disable (not delete) the two inbound firewall rules that admit WinRM over HTTP,
# so they can be re-enabled later if this change has to be rolled back.
foreach ($httpRuleName in 'WINRM-HTTP-In-TCP', 'WINRM-HTTP-In-TCP-PUBLIC') {
    Disable-NetFirewallRule -Name $httpRuleName
}

# Remove every existing WinRM listener, whatever its transport. Any HTTPS
# listener that was configured earlier is removed here as well.
Get-ChildItem -Path WSMan:\Localhost\listener | Remove-Item -Recurse
# Step 2: WinRM service settings. Entries are applied in the order listed;
# each key is a path on the WSMan: drive and each value is the string written to it.
Write-Output "Configuring WinRM for HTTPS..."

$winrmSettings = [ordered]@{
    # 1,800,000 ms = 30 minutes.
    'WSMan:\LocalHost\MaxTimeoutms'              = '1800000'
    # Memory ceiling per remote shell, in MB.
    'WSMan:\LocalHost\Shell\MaxMemoryPerShellMB' = '1024'
    # Refuse unencrypted traffic at the service level.
    'WSMan:\LocalHost\Service\AllowUnencrypted'  = 'false'
    # NOTE(review): Basic sends the password merely base64-encoded, so its
    # confidentiality depends entirely on the TLS listener and on clients
    # validating the server certificate. Leave it 'true' only if a client
    # really needs it; Kerberos or Negotiate is preferable where available.
    'WSMan:\LocalHost\Service\Auth\Basic'        = 'true'
    # NOTE(review): CredSSP hands the caller's full credentials to this host,
    # so a compromise of the host exposes them. Enable only when a second-hop
    # scenario requires it.
    'WSMan:\LocalHost\Service\Auth\CredSSP'      = 'true'
}

foreach ($entry in $winrmSettings.GetEnumerator()) {
    Set-Item -Path $entry.Key -Value $entry.Value
}
# Step 3: inbound firewall rules for WinRM over HTTPS (TCP 5986).
# Both rules are identical except for their name and the network profile they
# apply to, so the shared parameters are splatted from one table.
$httpsRuleCommon = @{
    DisplayName = "Windows Remote Management (HTTPS-In)"
    Description = "Inbound rule for Windows Remote Management via WS-Management. [TCP 5986]"
    Group       = "Windows Remote Management"
    Program     = "System"
    Protocol    = 'TCP'
    LocalPort   = "5986"
    Action      = 'Allow'
}

# Domain and Private profiles.
New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP" -Profile Domain,Private @httpsRuleCommon

# NOTE(review): the Public-profile rule carries no -RemoteAddress restriction,
# so the management port is reachable from any address while the machine is on
# a network classified as Public. Drop this rule, or scope it with
# -RemoteAddress, unless that exposure is intended.
New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP-PUBLIC" -Profile Public @httpsRuleCommon
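# Step 4: create a certificate for this host and bind an HTTPS listener to it.

# Host name as returned by DNS for this machine, upper-cased.
$Hostname = [System.Net.Dns]::GetHostByName((hostname)).HostName.ToUpper()

# NOTE(review): a self-signed certificate is not trusted by clients out of the
# box. Clients should import it (or pin its thumbprint) rather than turn off
# certificate validation; a CA-issued certificate avoids the problem entirely.
$pfx = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName $Hostname
$certThumbprint = $pfx.Thumbprint

# Strip only the literal "CN=" prefix from the subject. String.TrimStart()
# treats its argument as a SET of characters ('C', 'N', ' ', '='), so the
# previous TrimStart("CN = ") also ate leading C/N letters of the host name
# itself (for example "CN=NC01.EXAMPLE" became "01.EXAMPLE"), producing a
# listener host name that did not match the certificate.
$certSubjectName = ($pfx.SubjectName.Name -replace '^\s*CN\s*=\s*', '').Trim()

# HTTPS listener on all addresses, port 5986, bound to the certificate above.
New-Item -Path WSMan:\LocalHost\Listener -Address * -Transport HTTPS -Hostname $certSubjectName -CertificateThumbPrint $certThumbprint -Port "5986" -Force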
# Step 5: restart WinRM so the new listener and settings take effect, and make
# sure the service starts automatically at boot.
Write-Output "Restarting WinRM Service..."

$winrmService = 'WinRM'
Stop-Service -Name $winrmService
Set-Service -Name $winrmService -StartupType "Automatic"
Start-Service -Name $winrmService