-
-
Save jasonadsit/2fbc6890b0bbebc2443363b5de3d34e1 to your computer and use it in GitHub Desktop.
WinRM Config Cheat Sheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| try { | |
| $null = Enable-PSRemoting -Force -ErrorAction Stop | |
| } | |
| catch { | |
| $null = Get-NetConnectionProfile | Where-Object {$_.NetworkCategory -eq 'Public'} | Set-NetConnectionProfile -NetworkCategory 'Private' | |
| try { | |
| $null = Enable-PSRemoting -Force -ErrorAction Stop | |
| } | |
| catch { | |
| Write-Error $_ | |
| Write-Error "Problem with Enable-PSRemoting WinRM Quick Config! Halting!" | |
| $global:FunctionResult = "1" | |
| return | |
| } | |
| } | |
| # If $env:ComputerName is not part of a Domain, we need to add this registry entry to make sure WinRM works as expected | |
| if (!$(Get-CimInstance Win32_Computersystem).PartOfDomain) { | |
| $null = reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f | |
| } | |
| # Add Servers' Network Locations to $env:ComputerName's WinRM Client TrustedHosts | |
| $CurrentTrustedHosts = $(Get-Item WSMan:\localhost\Client\TrustedHosts).Value | |
| [System.Collections.ArrayList][array]$CurrentTrustedHostsAsArray = $CurrentTrustedHosts -split ',' | |
| [System.Collections.ArrayList]$ItemsToAddToWSMANTrustedHosts = @( | |
| $IPofServerA | |
| $FQDNofServerA | |
| $IPofServerB | |
| $FQDNofServerB | |
| ) | |
| foreach ($NetworkItem in $ItemsToAddToWSMANTrustedHosts) { | |
| if ($CurrentTrustedHostsAsArray -notcontains $NetworkItem) { | |
| $null = $CurrentTrustedHostsAsArray.Add($NetworkItem) | |
| } | |
| } | |
| $UpdatedTrustedHostsString = $($CurrentTrustedHostsAsArray | Where-Object {![string]::IsNullOrWhiteSpace($_)}) -join ',' | |
| Set-Item WSMan:\localhost\Client\TrustedHosts $UpdatedTrustedHostsString -Force | |
| # Configure Service | |
| Set-Item -Path WSMan:\localhost\Service\MaxConcurrentOperations -Value 4294967295 # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\MaxConcurrentOperationsPerUser -Value 1500 # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\EnumerationTimeoutms -Value 240000 # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\MaxConnections -Value 300 # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\MaxPacketRetrievalTimeSeconds -Value 120 # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $false # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\IPv4Filter -Value "*" # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\IPv6Filter -Value "*" # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\EnableCompatibilityHttpListener -Value $false # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\EnableCompatibilityHttpsListener -Value $false # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\CertificateThumbprint -Value "" # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\AllowRemoteAccess -Value $true # Configured by default | |
| # Configure Service Authentication | |
| Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $false # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\Auth\Digest -Value $true # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\Auth\Kerberos -Value $true # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\Auth\Negotiate -Value $true # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\Auth\Certificate -Value $true # Configured by default | |
| Set-Item -Path WSMan:\localhost\Service\Auth\CredSSP -Value $false # Configured by default | |
| # Configure Client | |
| Set-Item -Path WSMan:\localhost\Client\Auth\Basic -Value $false # Configured by default | |
| Set-Item -Path WSMan:\localhost\Client\Auth\Digest -Value $true # Configured by default | |
| Set-Item -Path WSMan:\localhost\Client\Auth\Kerberos -Value $true # Configured by default | |
| Set-Item -Path WSMan:\localhost\Client\Auth\Negotiate -Value $true # Configured by default | |
| Set-Item -Path WSMan:\localhost\Client\Auth\Certificate -Value $true # Configured by default | |
| Set-Item -Path WSMan:\localhost\Client\Auth\CredSSP -Value $false # Configured by default | |
| # Configure Shell | |
| Set-Item -Path WSMan:\localhost\Shell\AllowRemoteShellAccess -Value $true # Configured by default | |
| Set-Item -Path WSMan:\localhost\Shell\IdleTimeout -Value 7200000 # Configured by default | |
| Set-Item -Path WSMan:\localhost\Shell\MaxConcurrentUsers -Value 2147483647 # Configured by default | |
| Set-Item -Path WSMan:\localhost\Shell\MaxShellRunTime -Value 2147483647 # Configured by default | |
| Set-Item -Path WSMan:\localhost\Shell\MaxProcessesPerShell -Value 2147483647 # Configured by default | |
| Set-Item -Path WSMan:\localhost\Shell\MaxMemoryPerShellMB -Value 2147483647 # Configured by default | |
| Set-Item -Path WSMan:\localhost\Shell\MaxShellsPerUser -Value 2147483647 # Configured by default | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment