Created
January 15, 2018 16:57
Enable WinRM on a workgroup machine and allow connections from any remote host
# WinRM only works on Private and Domain networks; it is disabled on Public networks.
# Detect and modify any networks that are set to Public, so that every network is Private.
# First, set the Category value to 1 under each profile key in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
# Then create an instance of {DCB00C01-570F-4A9B-8D69-199FDBA5723B}, get the connections and set the category.
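function Enable-WinRMOnWorkGroupMachine {
    <#
    .SYNOPSIS
    Marks every network as Private and configures WinRM on a workgroup machine.

    .DESCRIPTION
    Steps, in order:
      1. Sets the Category value to 1 (Private) on every profile key under
         HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles.
      2. Uses the Network List Manager COM object
         ({DCB00C01-570F-4A9B-8D69-199FDBA5723B}) to set the network of every
         current connection to category 1 (Private).
      3. Restarts the 'netprofm' service through ManageWinService, a helper
         that is defined outside this function.
      4. Runs "winrm quickconfig -quiet -force".
      5. Sets the WSMan client and service options listed at the end.

    Security impact of the resulting configuration:
      - Every network, including ones Windows classified as Public, ends up on
        the Private firewall profile, which is usually more permissive.
      - Client\TrustedHosts is a CLIENT-side setting. It lists the remote hosts
        this machine is willing to authenticate to without Kerberos or HTTPS
        server validation. '*' trusts every host, so this machine can be led
        to authenticate to a server whose identity was never verified. It does
        not control who may connect inbound; the IPv4Filter/IPv6Filter values
        and the firewall do that.
      - CredSSP is enabled for both client and service. CredSSP hands the
        caller's credentials to the remote host, so a compromised remote host
        can reuse them. Enable it only where a second hop is required.
      - IPv4Filter/IPv6Filter '*' makes the service listen on every address.
    Intended for isolated lab or provisioning use. On anything reachable by
    untrusted hosts, pass a specific -TrustedHosts list, restrict the filters,
    and prefer an HTTPS listener.

    .PARAMETER TrustedHosts
    Value written to WSMan:\localhost\Client\TrustedHosts. Defaults to '*'
    to keep the original behaviour; pass a comma-separated list of host names
    or addresses to limit which remote hosts the client will trust.
    #>
    param(
        [string]$TrustedHosts = '*'
    )

    # --- 1. Registry: force the stored category of every known profile to Private (1) ---
    $private:ProfileKeys = Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles'
    foreach ($ProfileKey in $private:ProfileKeys) {
        Write-Host " Parsing network profile for $ProfileKey "

        # Drop an existing Category value first so it is recreated below.
        $null = Get-ItemProperty -Path $ProfileKey.PSPath -Name 'Category' -ErrorAction SilentlyContinue
        if ($?) {
            Remove-ItemProperty -Path $ProfileKey.PSPath -Name 'Category' -ErrorAction SilentlyContinue -Force
        }

        Write-Host " Setting the Category to 1 for $ProfileKey"
        Set-ItemProperty -Path $ProfileKey.PSPath -Name 'Category' -Value 1 -ErrorAction SilentlyContinue -Force
    }

    # --- 2. Live connections: set the category through the Network List Manager ---
    # This is from https://blogs.technet.microsoft.com/samdrey/2011/10/19/how-to-use-powershell-to-change-the-network-location-type-to-private-or-public/
    try {
        $NetworkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]'{DCB00C01-570F-4A9B-8D69-199FDBA5723B}'))
        foreach ($Connection in $NetworkListManager.GetNetworkConnections()) {
            $Network = $Connection.GetNetwork()
            # Resolve the name BEFORE logging it; logging first would print an
            # empty name or the name of the previous connection.
            $NetworkName = $Network.GetName()
            Write-Host " Attempting to set category for $NetworkName to private"
            try {
                $Network.SetCategory(1)
                Write-Host " Successfully set"
            }
            catch {
                # Report the cause instead of swallowing it; keep going with the next network.
                Write-Host " Exception when setting network category... $($_.Exception.Message)"
            }
        }
    }
    catch {
        Write-Host " Exception when getting network connections category... $($_.Exception.Message)"
    }

    # --- 3. Restart the Network List Service so the new categories are picked up ---
    Write-Host " Restarting Network Profile Service for changes to take effect!"
    ManageWinService -Name 'netprofm' "Stop"
    Start-Sleep -Seconds 5
    ManageWinService -Name 'netprofm' "Start"

    # --- 4. Baseline WinRM configuration ---
    Write-Host " Running winrm quickconfig -quiet -force"
    $WinRmProcess = Start-Process -FilePath 'winrm' -ArgumentList 'quickconfig -quiet -force' -Wait -PassThru
    if ($WinRmProcess.ExitCode -eq 0) {
        Write-Host " WinRM Service was configured successfully"
    }
    else {
        Write-Host " Failed to configure Service - $($WinRmProcess.ExitCode)"
    }

    # --- 5. Client settings and authentication types ---
    Write-Host " Updating Client Settings"
    # Client-side trust list: which remote hosts this machine may authenticate to
    # without Kerberos/HTTPS validation. '*' (the default here) trusts all of them.
    Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value $TrustedHosts -Force -ErrorAction SilentlyContinue
    # The commented-out lines are options the original author left disabled.
    #Set-Item -Path WSMan:\localhost\Client\Auth\Basic -Value true
    #Set-Item -Path WSMan:\localhost\Client\Auth\Certificate -Value true
    # CredSSP delegates the user's credentials to the remote host.
    Set-Item -Path WSMan:\localhost\Client\Auth\CredSSP -Value true
    #Set-Item -Path WSMan:\localhost\Client\Auth\Digest -Value true
    #Set-Item -Path WSMan:\localhost\Client\Auth\Kerberos -Value true
    Set-Item -Path WSMan:\localhost\Client\Auth\Negotiate -Value true

    # --- Service settings ---
    Write-Host " Updating Service Settings"
    # Keep AllowUnencrypted and Basic off: together they would put credentials
    # on the wire in a recoverable form.
    #Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value true
    #Set-Item -Path WSMan:\localhost\Service\AllowRemoteAccess -Value true
    # '*' = listen on every IPv4/IPv6 address; narrow these ranges where possible.
    Set-Item -Path WSMan:\localhost\Service\IPv4Filter -Value "*"
    Set-Item -Path WSMan:\localhost\Service\IPv6Filter -Value "*"
    #Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value true
    #Set-Item -Path WSMan:\localhost\Service\Auth\Certificate -Value true
    # Accepting CredSSP means delegated credentials will be present on this machine.
    Set-Item -Path WSMan:\localhost\Service\Auth\CredSSP -Value true
    #Set-Item -Path WSMan:\localhost\Service\Auth\Digest -Value true
    #Set-Item -Path WSMan:\localhost\Service\Auth\Kerberos -Value true
    Set-Item -Path WSMan:\localhost\Service\Auth\Negotiate -Value true
    Set-Item -Path WSMan:\localhost\Shell\AllowRemoteShellAccess -Value true
}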