Last active
August 5, 2019 22:21
WinRM Config Cheat Sheet
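# Enable PowerShell remoting (WinRM quick config). If the first attempt fails,
# retry once after reclassifying every Public network profile as Private.
#
# Security note: moving a profile from Public to Private applies the more
# permissive Private firewall profile to that network for every service on
# this host, not only WinRM. The change is persistent and is not reverted
# here. Enable-PSRemoting also has -SkipNetworkProfileCheck, which leaves the
# profile classification alone; prefer it where the network is untrusted.
try {
    $null = Enable-PSRemoting -Force -ErrorAction Stop
}
catch {
    # The original error is not inspected: the retry assumes the failure came
    # from the Public-profile check. Any other cause will fail again below.
    $PublicNetProfiles = @(Get-NetConnectionProfile | Where-Object {$_.NetworkCategory -eq 'Public'})
    foreach ($NetProfile in $PublicNetProfiles) {
        # Leave an audit trail so the change can be reviewed or reverted later.
        Write-Warning "Changing network profile '$($NetProfile.Name)' on interface '$($NetProfile.InterfaceAlias)' from Public to Private"
    }
    $null = $PublicNetProfiles | Set-NetConnectionProfile -NetworkCategory 'Private'

    try {
        $null = Enable-PSRemoting -Force -ErrorAction Stop
    }
    catch {
        Write-Error $_
        Write-Error "Problem with Enable-PSRemoting WinRM Quick Config! Halting!"
        # Failure is signalled to the caller through this global and an early return.
        $global:FunctionResult = "1"
        return
    }
}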
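# If $env:ComputerName is not part of a Domain, we need to add this registry entry to make sure WinRM works as expected
#
# Security note: LocalAccountTokenFilterPolicy = 1 turns off UAC remote
# restrictions. Members of the local Administrators group then receive a full
# administrator token on network logons instead of a filtered one. That is what
# lets a local admin account manage the machine over WinRM, but the policy is
# machine-wide and is honoured by other remote administration interfaces too,
# so a stolen or reused local administrator credential becomes usable remotely.
# Compensating controls: unique local administrator passwords per host,
# firewall scoping of the WinRM ports (5985/5986) to management hosts, and
# monitoring this registry value for unexpected changes.
if (!$(Get-CimInstance Win32_Computersystem).PartOfDomain) {
    $null = reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
    # reg.exe reports failure only through its exit code, which $null = ... hides.
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "reg add for LocalAccountTokenFilterPolicy exited with code $LASTEXITCODE; the policy may not have been set."
    }
}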
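# Add Servers' Network Locations to $env:ComputerName's WinRM Client TrustedHosts
#
# Security note: for a host listed in TrustedHosts the WinRM client connects
# without verifying the server's identity, so credentials can be sent to a
# machine that merely answers on that name or IP. Keep the list as short and
# specific as possible. Where available, prefer Kerberos (domain) or an HTTPS
# listener with a certificate the client validates.
$CurrentTrustedHosts = $(Get-Item WSMan:\localhost\Client\TrustedHosts).Value
[System.Collections.ArrayList][array]$CurrentTrustedHostsAsArray = $CurrentTrustedHosts -split ','

# A wildcard entry already trusts every host; adding specific entries next to it
# gives a false impression of a scoped list.
if ($CurrentTrustedHostsAsArray -contains '*') {
    Write-Warning "WSMan Client TrustedHosts already contains '*' (all hosts trusted). Review whether that is intended."
}

# $IPofServerA, $FQDNofServerA, $IPofServerB and $FQDNofServerB are placeholders
# that must be defined by the caller before this section runs.
[System.Collections.ArrayList]$ItemsToAddToWSMANTrustedHosts = @(
    $IPofServerA
    $FQDNofServerA
    $IPofServerB
    $FQDNofServerB
)
foreach ($NetworkItem in $ItemsToAddToWSMANTrustedHosts) {
    # Skip placeholders that were never filled in instead of adding empty entries.
    if ([string]::IsNullOrWhiteSpace($NetworkItem)) {
        continue
    }
    if ($CurrentTrustedHostsAsArray -notcontains $NetworkItem) {
        $null = $CurrentTrustedHostsAsArray.Add($NetworkItem)
    }
}
# Drop blank entries (e.g. from an initially empty TrustedHosts value) before re-joining.
$UpdatedTrustedHostsString = $($CurrentTrustedHostsAsArray | Where-Object {![string]::IsNullOrWhiteSpace($_)}) -join ','
# -Force suppresses the confirmation prompt that Set-Item shows for this security-sensitive value.
Set-Item WSMan:\localhost\Client\TrustedHosts $UpdatedTrustedHostsString -Force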
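# Configure Service
#
# NOTE(review): the "Configured by default" labels are the author's. Defaults
# differ between Windows releases, and some of these values can be controlled
# by Group Policy, so compare with `Get-ChildItem WSMan:\localhost\Service`
# before treating a line as a no-op.
#
# Security-relevant settings in this section:
#   AllowUnencrypted = $false       the service refuses unencrypted traffic; keep it that way.
#   IPv4Filter / IPv6Filter = "*"   the listener accepts connections on every local address;
#                                   narrow the filter or scope the firewall rule on multi-homed hosts.
#   CertificateThumbprint = ""      blanks any thumbprint already configured on the service;
#                                   skip this line if a certificate was set deliberately.
#   AllowRemoteAccess = $true       leaves the service reachable for remote management.
Set-Item -Path WSMan:\localhost\Service\MaxConcurrentOperations -Value 4294967295 # Configured by default
Set-Item -Path WSMan:\localhost\Service\MaxConcurrentOperationsPerUser -Value 1500 # Configured by default
Set-Item -Path WSMan:\localhost\Service\EnumerationTimeoutms -Value 240000 # Configured by default
Set-Item -Path WSMan:\localhost\Service\MaxConnections -Value 300 # Configured by default
Set-Item -Path WSMan:\localhost\Service\MaxPacketRetrievalTimeSeconds -Value 120 # Configured by default
Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $false # Configured by default
Set-Item -Path WSMan:\localhost\Service\IPv4Filter -Value "*" # Configured by default
Set-Item -Path WSMan:\localhost\Service\IPv6Filter -Value "*" # Configured by default
Set-Item -Path WSMan:\localhost\Service\EnableCompatibilityHttpListener -Value $false # Configured by default
Set-Item -Path WSMan:\localhost\Service\EnableCompatibilityHttpsListener -Value $false # Configured by default
Set-Item -Path WSMan:\localhost\Service\CertificateThumbprint -Value "" # Configured by default
Set-Item -Path WSMan:\localhost\Service\AllowRemoteAccess -Value $true # Configured by default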
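# Configure Service Authentication
#
# Security notes:
#   Basic = $false    Basic sends the password in a trivially reversible encoding;
#                     leave it off unless the listener is HTTPS-only.
#   CredSSP = $false  CredSSP hands the caller's credentials to this host for
#                     delegation; keep it off unless a second hop really needs it.
# NOTE(review): "Configured by default" is the author's label. On many builds
# Service\Auth\Certificate is reported as false by default, so that line may
# be a change, not a no-op. Confirm with `Get-ChildItem WSMan:\localhost\Service\Auth`.
Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $false # Configured by default
# NOTE(review): Digest is normally a client-side setting and the Service\Auth
# node may not expose it; guard the write so a missing item does not raise an error.
if (Test-Path -Path WSMan:\localhost\Service\Auth\Digest) {
    Set-Item -Path WSMan:\localhost\Service\Auth\Digest -Value $true # Configured by default
}
Set-Item -Path WSMan:\localhost\Service\Auth\Kerberos -Value $true # Configured by default
Set-Item -Path WSMan:\localhost\Service\Auth\Negotiate -Value $true # Configured by default
Set-Item -Path WSMan:\localhost\Service\Auth\Certificate -Value $true # Configured by default
Set-Item -Path WSMan:\localhost\Service\Auth\CredSSP -Value $false # Configured by default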
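# Configure Client
#
# These control which authentication schemes this machine will use when it
# connects OUT to other WinRM endpoints.
#   Basic = $false    stops the client from ever sending a password with Basic auth.
#   CredSSP = $false  stops the client from delegating credentials to the remote
#                     host, where they could be harvested if it is compromised.
# NOTE(review): "Configured by default" is the author's label. A stock client
# is commonly reported with Basic enabled, so that line may be a hardening
# change, not a no-op. Confirm with `Get-ChildItem WSMan:\localhost\Client\Auth`.
Set-Item -Path WSMan:\localhost\Client\Auth\Basic -Value $false # Configured by default
Set-Item -Path WSMan:\localhost\Client\Auth\Digest -Value $true # Configured by default
Set-Item -Path WSMan:\localhost\Client\Auth\Kerberos -Value $true # Configured by default
Set-Item -Path WSMan:\localhost\Client\Auth\Negotiate -Value $true # Configured by default
Set-Item -Path WSMan:\localhost\Client\Auth\Certificate -Value $true # Configured by default
Set-Item -Path WSMan:\localhost\Client\Auth\CredSSP -Value $false # Configured by default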
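# Configure Shell
#
# Per-shell and per-user quotas for remote shells. 2147483647 is the largest
# signed 32-bit value, so the limits below are effectively "no limit": one
# authenticated user can open as many shells and processes, and use as much
# memory, as the host will give. On shared or exposed hosts consider lower
# values for MaxShellsPerUser, MaxProcessesPerShell and MaxMemoryPerShellMB.
# IdleTimeout is in milliseconds (7200000 ms = 2 hours).
# NOTE(review): "Configured by default" is the author's label; confirm with
# `Get-ChildItem WSMan:\localhost\Shell` on the target Windows release.
Set-Item -Path WSMan:\localhost\Shell\AllowRemoteShellAccess -Value $true # Configured by default
Set-Item -Path WSMan:\localhost\Shell\IdleTimeout -Value 7200000 # Configured by default
Set-Item -Path WSMan:\localhost\Shell\MaxConcurrentUsers -Value 2147483647 # Configured by default
Set-Item -Path WSMan:\localhost\Shell\MaxShellRunTime -Value 2147483647 # Configured by default
Set-Item -Path WSMan:\localhost\Shell\MaxProcessesPerShell -Value 2147483647 # Configured by default
Set-Item -Path WSMan:\localhost\Shell\MaxMemoryPerShellMB -Value 2147483647 # Configured by default
Set-Item -Path WSMan:\localhost\Shell\MaxShellsPerUser -Value 2147483647 # Configured by default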