Differences

This shows you the differences between two versions of the page.

tutorial:adm:configuration_-_winrm [2021/05/24 08:14]
kucerar fixed format
tutorial:adm:configuration_-_winrm [2021/10/20 05:03]
kucerar sddl registry
Line 189: Line 189:
 print "retcode",status_code print "retcode",status_code
 </code> </code>
 +
 +=== SDDL configuration - access denied ===
 +When you try to configure SDDL via command "winrm configSDDL default", after adding some group and clicking on "OK", you will see this error in command line:
 +
 +<code>
 +access denied
 +Error number:  -2147024891 0x80070005
 +</code>
 +This can be caused, because your user has no permission to change it.
 +
 +For example if only local group "Administrators" had "full control" but for some reason someone remove it, you are not able to add the same group back or any other group back.
 +The only solution is to edit registry.
 +
 +Navigate to Computer\Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\WSMAN\Service
 +
 +Set value for rootSDDL to O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
 +
 +After that when you open SDDL config "Administrators" group will be back again with full control permissions.
 +
 +
 ===== HTTPS support ===== ===== HTTPS support =====
 The best case is to use HTTPS connection to connect to WinRM. To achieve this we need to do some more configuration on the server and on the client. The best case is to use HTTPS connection to connect to WinRM. To achieve this we need to do some more configuration on the server and on the client.
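Review bot: The "Set value for rootSDDL to ..." line replaces the whole security descriptor, but the prose only says the "Administrators" group comes back. The string also carries (A;;GR;;;IU) and (A;;GA;;;RM) plus two audit entries under S:, so a reader who pastes it may grant more than the host had before. Please add a short breakdown of what each ACE grants, and tell the reader to export the existing rootSDDL value before overwriting it so the change can be reverted. The registry path and the SDDL string should also go inside a code block like the error output above, so wiki markup or line wrapping cannot alter them when copied. Minor wording: "This can be caused, because your user has no permission to change it" reads better as "This happens when your user has no permission to change it", and "someone remove it" should be "someone removed it".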
  • by erbenr