PS C:\Users\Administrator> dir WSMan:\localhost\Listener\*\Port WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Listener\Listener_1084132640 Type Name SourceOfValue Value ---- ---- ------------- ----- System.String Port 5985 PS C:\Users\Administrator> Set-Item WSMan:\localhost\Listener\*\Port 8888 Set the value of the item This command set the value of the Item. Do you want to continue? [Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): PS C:\Users\Administrator> dir WSMan:\localhost\Listener\*\Port WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Listener\Listener_1892757853 Type Name SourceOfValue Value ---- ---- ------------- ----- System.String Port 8888 PS C:\Users\Administrator> PS C:\Users\Administrator> Enable-PSRemoting WinRM Quick Configuration Running command "Set-WSManQuickConfig" to enable remote management of this computer by using the Windows Remote Management (WinRM) service. This includes: 1. Starting or restarting (if already started) the WinRM service 2. Setting the WinRM service startup type to Automatic 3. Creating a listener to accept requests on any IP address 4. Enabling Windows Firewall inbound rule exceptions for WS-Management traffic (for http only). Do you want to continue? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): WinRM is already set up to receive requests on this computer. WinRM has been updated for remote management. Configured LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users. Confirm Are you sure you want to perform this action? Performing the operation "Set-PSSessionConfiguration" on target "Name: microsoft.powershell SDDL: O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD). This lets selected users remotely run Windows PowerShell commands on this computer.". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Confirm Are you sure you want to perform this action? Performing the operation "Set-PSSessionConfiguration" on target "Name: microsoft.powershell.workflow SDDL: O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD). This lets selected users remotely run Windows PowerShell commands on this computer.". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Confirm Are you sure you want to perform this action? Performing the operation "Set-PSSessionConfiguration" on target "Name: microsoft.powershell32 SDDL: O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD). This lets selected users remotely run Windows PowerShell commands on this computer.". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Confirm Are you sure you want to perform this action? Performing the operation "Set-PSSessionConfiguration" on target "Name: microsoft.windows.servermanagerworkflows SDDL: O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD). This lets selected users remotely run Windows PowerShell commands on this computer.". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): PS C:\Users\Administrator> dir WSMan:\localhost\Listener\*\Port WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Listener\Listener_1892757853 Type Name SourceOfValue Value ---- ---- ------------- ----- System.String Port 8888
Check WinRM running with new ports
PS C:\Users\Administrator> netstat -aon | findstr "8888" TCP 0.0.0.0:8888 0.0.0.0:0 LISTENING 4 TCP [::]:8888 [::]:0 LISTENING 4 PS C:\Users\Administrator>
Install Web Access
PS C:\Users\Administrator> Install-WindowsFeature –Name WindowsPowerShellWebAccess -ComputerName MSERVER1 -IncludeManage mentTools -Restart Success Restart Needed Exit Code Feature Result ------- -------------- --------- -------------- True No Success {ASP.NET 4.5, Application Development, ASP... WARNING: For more information about how to finish installing and configuring Windows PowerShell Web Access, see http://go.microsoft.com/fwlink/?LinkID=221050. PS C:\Users\Administrator>
Config gateway
PS C:\Users\Administrator> Install-PswaWebApplication -UseTestCertificate WARNING: Using a test certificate in a production environment is not recommended for security reasons. This certificate should be used only for internal testing of Windows PowerShell Web Access. The test certificate expires in 90 days. Creating application pool pswa_pool... Name State Applications ---- ----- ------------ pswa_pool Started Creating web application pswa... Path : /pswa ApplicationPool : pswa_pool EnabledProtocols : http PhysicalPath : C:\Windows\Web\PowerShellWebAccess\wwwroot Creating self-signed certificate... Creating HTTPS binding... PS C:\Users\Administrator>
Add authorization rule
PS C:\Users\Administrator> hostname mserver1 PS C:\Users\Administrator> Add-PswaAuthorizationRule –UserName MSERVER1\Administrator -ComputerName MSERVER1 -Configurat ionName microsoft.powershell Id RuleName User Destination ConfigurationName -- -------- ---- ----------- ----------------- 0 Rule 0 MSERVER1\Administrator MSERVER1 microsoft.powershell PS C:\Users\Administrator> Add-PswaAuthorizationRule –UserName MSERVER1\CloudAdmin -ComputerName MSERVER1 -Configuration Name microsoft.powershell Id RuleName User Destination ConfigurationName -- -------- ---- ----------- ----------------- 1 Rule 1 MSERVER1\CloudAdmin MSERVER1 microsoft.powershell PS C:\Users\Administrator> Get-PswaAuthorizationRule Id RuleName User Destination ConfigurationName -- -------- ---- ----------- ----------------- 0 Rule 0 mserver1\administrator MSERVER1 microsoft.powershell 1 Rule 1 mserver1\cloudadmin MSERVER1 microsoft.powershell PS C:\Users\Administrator>
OR allow all user and configuration with
PS C:\Users\Administrator> Add-PswaAuthorizationRule –UserName * -ComputerName * -ConfigurationName * -- OR -- PS C:\Users\Administrator> Add-PswaAuthorizationRule * * *
Bingo !!!.
Open url => https://xx.xx.xx.xx/pswa
Welcome to PS session like below
Additional step for remote to machine in difference domain or non-domain manner.
Add trusted host
PS C:\Users\Administrator> Get-Item WSMan:\localhost\Client\TrustedHosts WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Client Type Name SourceOfValue Value ---- ---- ------------- ----- System.String TrustedHosts STATBSPDB,172.19.3.13 PS C:\Users\Administrator> Set-Item WSMan:\localhost\Client\TrustedHosts -Value STATBBI -Force -Concatenate PS C:\Users\Administrator> Set-Item WSMan:\localhost\Client\TrustedHosts -Value 172.19.2.31 -Force -Concatenate PS C:\Users\Administrator> Get-Item WSMan:\localhost\Client\TrustedHosts WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Client Type Name SourceOfValue Value ---- ---- ------------- ----- System.String TrustedHosts STATBSPDB,172.19.3.13,STATBBI,172.19.2.31
Test from local machine (gateway) when run Get-Credential, a windows is pop-up then enter a credential like "STATBBI\Administrator" and password of remote server.
PS C:\Users\Administrator> $C = Get-Credential cmdlet Get-Credential at command pipeline position 1 Supply values for the following parameters: Credential PS C:\Users\Administrator> Enter-PSSession -ComputerName STATBBI -Credential $C [STATBBI]: PS C:\Users\Administrator\Documents> [STATBBI]: PS C:\Users\Administrator\Documents> [STATBBI]: PS C:\Users\Administrator\Documents> hostname STATBBI
After that try to access from web by enter an info like below.
No comments:
Post a Comment