Last active
December 3, 2018 05:19
-
-
Save techthoughts2/f4f0fc4974f8c074ef308b821cca56be to your computer and use it in GitHub Desktop.
A collection of WinRM stuff
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #------------------------------------------------------ | |
| #ENABLE WINRM | |
| #https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting?view=powershell-6 | |
| #according to documentation this runs Set-WSManQuickConfig which basically does all the same stuff as the quickconfig | |
| Enable-PSRemoting | |
| #alternatively use this - but documentation indicates it's not as thorough | |
| winrm quickconfig | |
| #to turn back off: | |
| Disable-PSRemoting | |
| #------------------------------------------------------ | |
| #WINRM TRUSTED HOSTS | |
| #there are two ways to do this. Using PS cmdlets - or using native winRM method | |
| #PowerShell Way: | |
| #add a server to the trusted winrm hosts | |
| Set-Item WSMan:\localhost\Client\TrustedHosts –Value “MyServerName” | |
| #add multiple servers to the trusted winrm hosts | |
| Set-Item WSMan:\localhost\Client\TrustedHosts –Value “MyServerName,MyServerName2” | |
| #trust everything - not recommended for production | |
| Set-Item WSMan:\localhost\Client\TrustedHosts -Value “*” | |
| #list trusted hosts | |
| Get-Item WSMan:\localhost\Client\TrustedHosts | |
| #clear everything from trusted hosts | |
| Clear-Item -Path WSMan:\localhost\Client\TrustedHosts –Force | |
| #____________ | |
| #winrm way: | |
| winrm set winrm/config/client @{TrustedHosts="AComputerName"} | |
| #trust everything - not recommended for production | |
| winrm set winrm/config/client @{TrustedHosts="*"} | |
| #list trusted hosts | |
| ls WSMan:\localhost\Client\TrustedHosts | |
| #------------------------------------------------------ | |
| #ESTABLISHING WINRM CONNECTIONS | |
| $creds = Get-Credential | |
| #____________ | |
| #domain to domain (http) | |
| $domainToDomainHTTP = New-PSSession -ComputerName hostname -Credential $creds | |
| #____________ | |
| #domain to domain (https) | |
| $domainToDomainHTTPS = New-PSSession -ComputerName hostname -Credential $creds -UseSSL | |
| #____________ | |
| #domain to workgroup or workgroup to workgroup - self signed local certificate on remote device | |
| $so = New-PSSessionOption -SkipCNCheck -SkipCACheck -SkipRevocationCheck | |
| $session = New-PSSession -ComputerName 10.0.3.27 -Credential $creds -UseSSL -SessionOption $so | |
| #____________ | |
| #domain to workgroup or workgroup to workgroup - self signed local certificate on remote device through proxy | |
| $so = New-PSSessionOption -SkipCNCheck -SkipCACheck -SkipRevocationCheck -ProxyAccessType IEConfig | |
| Enter-PSSession -ComputerName 10.0.3.27 -UseSSL -SessionOption $so -Credential $creds | |
| #------------------------------------------------------ | |
| $listeners = Get-ChildItem WSMan:\localhost\Listener | |
| $basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where { $_.Name -eq "Basic" } | |
| Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true | |
| #------------------------------------------------------ | |
| winrm get winrm/config | |
| winrm get winrm/config/client/Auth | |
| winrm get winrm/config/service/Auth | |
| winrm get winrm/config/service | |
| winrm e winrm/config/listener | |
| winrm get winrm/config/service | |
| #------------------------------------------------------ | |
| Get-WSManInstance -ResourceURI winrm/config/service/Auth | |
| Get-WSManInstance -ResourceURI winrm/config/client/Auth | |
| Get-WSManInstance -ResourceURI winrm/config/client | |
| #------------------------------------------------------ | |
| winrm set winrm/config/Listener?Address=*+Transport=HTTP '@{Port="8888"}' | |
| #------------------------------------------------------ | |
| Enable-WSManCredSSP -DelegateComputer * -Role Client -Force | |
| Enable-WSManCredSSP -Role Server -Force | |
| Set-ExecutionPolicy Bypass -Force | |
| #------------------------------------------------------ | |
| $subject = $env:COMPUTERNAME | |
| $certInfo = ls Cert:\LocalMachine\My | where { $_.Subject -eq $subject } | |
| #redo------------------------------------------------- | |
| ls CERT:\LocalMachine\My | |
| Get-ChildItem WSMan:\localhost\Listener | |
| winrm e winrm/config/listener | |
| Winrm get winrm/config/service | |
| $checkconfig = winrm e winrm/config/listener | |
| if($checkconfig -contains " Transport = HTTPS") | |
| { | |
| Write-Host -ForegroundColor Yellow "1. Delete old config" | |
| winrm delete winrm/config/Listener?Address=*+Transport=HTTPS | |
| } | |
| Remove-Item -path CERT:\LocalMachine\My\06E718D8446373F6563AD53099CBDC9856C0655A | |
| #redo------------------------------------------------- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment