Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:configuration_-_winrm [2019/06/12 08:56] kucerar basic config, commands |
tutorial:adm:configuration_-_winrm [2019/06/12 10:43] kucerar |
||
---|---|---|---|
Line 28: | Line 28: | ||
< | < | ||
{{: | {{: | ||
+ | |||
+ | ==== Authentications methods ==== | ||
+ | |||
+ | ^ ^ Type of user | **Credential delegation** | ||
+ | | Basic | local | no | no | | ||
+ | | NTLM | local, domain | ||
+ | | Kerberos | ||
+ | | CredSSP | ||
+ | |||
+ | You can configure trusted host which will be able to connect. If you don't want to specify this use | ||
+ | < | ||
+ | |||
+ | We can use several methods for authentication. | ||
+ | * Basic - the second command will allow unencrypted data transfer, so it's not recommended to use it with HTTP. For some testing purpose it's ok. | ||
+ | < | ||
+ | winrm set winrm/ | ||
+ | </ | ||
+ | * NTLM | ||
+ | < | ||
+ | * Kerberos | ||
+ | < | ||
+ | * CredSSP | ||
+ | < | ||
+ | |||
+ | ==== Permission configuration ==== | ||
+ | Now we need to set the right permissions. It's tested against NTLM, Kerberos and CredSSP auth | ||
+ | It's tested with local user + group and with domain user + group. | ||
+ | For the following steps you can use one of these groups WinRMRemoteWMIUsers__ or Remote Management Users It should work with both. | ||
+ | |||
+ | Assign user into group | ||
+ | |||
+ | Set WMI access for group. | ||
+ | * Computer Management -> Services and Application -> right click WMI Control -> Properties | ||
+ | * In new dialog window -> tab Security -> Root -> CIMV2 and click button Security | ||
+ | * Next dialog window will appear - you need to add group here | ||
+ | * You need to select these options in the checkboxes - Execute Methods, Enable Account and Remote Enable | ||
+ | * Click on Advanced - select and edit group -> Set " | ||
+ | * Confirm all changes in dialog windows and close them | ||
+ | {{: | ||
+ | {{: | ||
+ | |||
+ | Set SDDL | ||
+ | * < | ||
+ | {{: | ||
+ | * Add group and give it Full Control | ||
+ | * Confirm changes | ||
+ | |||
+ | Restart WinRM | ||
+ | < |