Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
tutorial:adm:configuration_-_winrm [2024/02/05 05:17] erbenr |
tutorial:adm:configuration_-_winrm [2024/02/05 05:29] (current) erbenr |
||
---|---|---|---|
Line 9: | Line 9: | ||
<code powershell> | <code powershell> | ||
Test-WSMan | Test-WSMan | ||
- | |||
</ | </ | ||
Line 25: | Line 24: | ||
<code powershell> | <code powershell> | ||
winrm e winrm/ | winrm e winrm/ | ||
- | |||
</ | </ | ||
Line 63: | Line 61: | ||
<code powershell> | <code powershell> | ||
winrm set winrm/ | winrm set winrm/ | ||
- | |||
</ | </ | ||
Line 74: | Line 71: | ||
winrm set winrm/ | winrm set winrm/ | ||
winrm set winrm/ | winrm set winrm/ | ||
- | |||
</ | </ | ||
Line 82: | Line 78: | ||
<code powershell> | <code powershell> | ||
winrm set winrm/ | winrm set winrm/ | ||
- | |||
</ | </ | ||
Line 90: | Line 85: | ||
<code powershell> | <code powershell> | ||
winrm set winrm/ | winrm set winrm/ | ||
- | |||
</ | </ | ||
Line 102: | Line 96: | ||
winrm set winrm/ | winrm set winrm/ | ||
Enable-WSManCredSSP -Role Server | Enable-WSManCredSSP -Role Server | ||
- | |||
</ | </ | ||
Line 122: | Line 115: | ||
<code powershell> | <code powershell> | ||
winrm configSDDL default | winrm configSDDL default | ||
- | |||
</ | </ | ||
Line 130: | Line 122: | ||
<code powershell> | <code powershell> | ||
Restart-Service winrm | Restart-Service winrm | ||
- | |||
</ | </ | ||
Line 142: | Line 133: | ||
<code shell> | <code shell> | ||
nc -vz HOST PORT | nc -vz HOST PORT | ||
- | |||
</ | </ | ||
Line 150: | Line 140: | ||
<code powershell> | <code powershell> | ||
Test-WSMan -ComputerName HOST or Test-netConnection HOST -Port PORT | Test-WSMan -ComputerName HOST or Test-netConnection HOST -Port PORT | ||
- | |||
</ | </ | ||
Line 156: | Line 145: | ||
Now we know if we are able to connect to the WinRM port. In case the port is not accessible it can be probably blocked in firewall. Next we want to try to connect to WinRM. Install [[: | Now we know if we are able to connect to the WinRM port. In case the port is not accessible it can be probably blocked in firewall. Next we want to try to connect to WinRM. Install [[: | ||
- | python>> | + | < |
- | + | >>> | |
- | < | + | |
- | import winrm>>> | + | |
>>> | >>> | ||
>>> | >>> | ||
- | |||
</ | </ | ||
Line 168: | Line 154: | ||
For connecting via HTTPS use this lane. The difference is in URL where we need to use https and port 5986. Then we are using one more argument where we specify path to trust store | For connecting via HTTPS use this lane. The difference is in URL where we need to use https and port 5986. Then we are using one more argument where we specify path to trust store | ||
- | s = winrm.Session('', | + | <code python>>>> |
- | + | ||
- | <code python>>>>> | + | |
</ | </ | ||
Line 179: | Line 162: | ||
<code python> | <code python> | ||
r = s.run_ps(' | r = s.run_ps(' | ||
- | |||
</ | </ | ||
Line 299: | Line 281: | ||
print " | print " | ||
print " | print " | ||
- | |||
</ | </ | ||
Line 332: | Line 313: | ||
Create and export self signed certificate with powershell: | Create and export self signed certificate with powershell: | ||
- | |||
<code powershell> | <code powershell> | ||
$pathToCertificate=" | $pathToCertificate=" | ||
- | $hostname=' | + | $hostname=' |
$params = @{ | $params = @{ | ||
Subject = " | Subject = " | ||
- | DnsName = 'bear.zoo.bcv' | + | DnsName = 'ad.idstory.idm' |
CertStoreLocation = ' | CertStoreLocation = ' | ||
- | KeyExportPolicy =' | + | KeyExportPolicy =' |
- | KeySpec =' | + | KeySpec =' |
KeyLength =' | KeyLength =' | ||
KeyAlgorithm = ' | KeyAlgorithm = ' | ||
Line 347: | Line 327: | ||
} | } | ||
- | #$cert = New-SelfSignedCertificate -Subject " | ||
$cert = New-SelfSignedCertificate @params | $cert = New-SelfSignedCertificate @params | ||
- | Export-Certificate -Cert $cert -FilePath " | + | Export-Certificate -Cert $cert -FilePath " |
$mypwd = ConvertTo-SecureString -String " | $mypwd = ConvertTo-SecureString -String " | ||
Export-PfxCertificate -Cert $cert -FilePath " | Export-PfxCertificate -Cert $cert -FilePath " | ||
- | |||
</ | </ | ||
List certificate in windows certificate storage: | List certificate in windows certificate storage: | ||
- | |||
<code powershell> | <code powershell> | ||
Get-ChildItem -Path Cert: | Get-ChildItem -Path Cert: | ||
- | |||
</ | </ | ||
Configure WinRM listener with HTTPS certficate: | Configure WinRM listener with HTTPS certficate: | ||
- | |||
<code powershell> | <code powershell> | ||
winrm create winrm/ | winrm create winrm/ | ||
for deleting | for deleting | ||
winrm delete winrm/ | winrm delete winrm/ | ||
- | |||
</ | </ | ||
Create firewall rule for WinRM HTTPS: | Create firewall rule for WinRM HTTPS: | ||
- | |||
<code powershell> | <code powershell> | ||
New-NetFirewallRule -Displayname 'WinRM - Powershell remoting HTTPS-In' | New-NetFirewallRule -Displayname 'WinRM - Powershell remoting HTTPS-In' | ||
- | |||
</ | </ | ||
Restart WinRM | Restart WinRM | ||
- | |||
<code powershell> | <code powershell> | ||
Restart-Service winrm | Restart-Service winrm | ||
- | |||
</ | </ | ||
Line 388: | Line 358: | ||
+ | ===== Powershell 7 support ===== | ||
+ | |||
+ | Install powershell 7: https:// | ||
+ | |||
+ | Run app '' | ||
+ | <code powershell> | ||
+ | Enable-PSRemoting | ||
+ | </ | ||