Skip to content

Instantly share code, notes, and snippets.

@galenemery
Last active February 9, 2020 05:24
Show Gist options
  • Save galenemery/434a95dd2583e8dedc27 to your computer and use it in GitHub Desktop.
Save galenemery/434a95dd2583e8dedc27 to your computer and use it in GitHub Desktop.
WinRM config
# On the remote node/server:
winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
# When NOT USING a domain-based authentication (i.e., from Linux/Unix to Windows node):
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
# When USING a domain-based authentication (i.e., from Windows (workstation) to Windows node):
## On the remote server/node:
#winrm set winrm/config/service/auth '@{Basic="false"}'
#winrm set winrm/config/service '@{AllowUnencrypted="false"}'
@ffpollock
Copy link

Hey, Compliance has a 'required set up instructions for WINRM'

Here are a few steps to enable and verify the WinRM configuration of a node:
From CMD, start the WinRM service and load the default WinRM configuration.
c:> winrm quickconfig
Verify whether a listener is running, and which ports are used. The default ports are 5985 for HTTP, and 5986 for HTTPS.
c:> winrm enumerate winrm/config/listener
Enable basic authentication on the WinRM service. Run the following command to check whether basic authentication is allowed.
c:> winrm get winrm/config/service
Run the following command to enable basic authentication on the WinRM service. If you use POWERSHELL, you need quotes here '@{...}'
c:> winrm set winrm/config/service/auth @{Basic="true"}
Run the following command to allow transfer of unencrypted data on the WinRM service.
c:> winrm set winrm/config/service @{AllowUnencrypted="true"}
Enable Unencrypted client connections for the test winrm identity command to work.
c:> winrm set winrm/config/client @{AllowUnencrypted="true"}
Run the following command to test the connection to the WinRM service.
c:> winrm identify -r:http://NODE:5985 -auth:basic -u:USERNAME -p:PASSWORD -encoding:utf-8

Also dont forget about our firewall fun :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment