Rozdíly
Zde můžete vidět rozdíly mezi vybranou verzí a aktuální verzí dané stránky.
| — |
windows:powershell [29.03.2010 14:57] (aktuální) wladik created |
||
|---|---|---|---|
| Řádek 1: | Řádek 1: | ||
| + | ====== PowerShell ====== | ||
| + | ===== Povolit Vzdálenou správu na klientech přes GPO ===== | ||
| + | |||
| + | **Set the winrm service to auto start** | ||
| + | Computer Configuration \ Policies \ Windows Settings \ Security Settings \ System Services | ||
| + | |||
| + | Windows Remote Management (WS-Management) set Startup Mode to Automatic | ||
| + | |||
| + | |||
| + | **create a winrm listener** | ||
| + | Computer Configuration / Policies / Administrative Templates / Windows Components / Windows Remote Management (WinRM) / WinRM Service / Allow automatic configuration of listeners | ||
| + | |||
| + | IPv4 filter: * | ||
| + | |||
| + | * is listen on all addresses, or if you only want a particular IP address to respond use an iprange eg 10.1.1.1-10.1.1.254 - don't forget that this IP range has to be valid for all hosts that fall in the scope of the GPO you are creating. You can use 10.1.1.1 - 10.1.1.254,10.1.1.3 - 10.1.4.254 for multiple subnets | ||
| + | |||
| + | |||
| + | **add firewall exceptions to allow the service to communicate.** | ||
| + | |||
| + | |||
| + | Computer Configuration / Policies / Windows Settings / Security Settings / Windows Firewall with Advanced Security | ||
| + | |||
| + | Create an Inbound Rule allowing the predefined group 'Windows Remote Management' | ||
| + | |||
| + | |||
| + | NOTE: I created the GPO on an Windows 2008 R2 server. This is only significant when GPO settings are updated across different versions. I say this because WinRM in 2008 uses port 80 to communicate whereas R2 uses port 5985. This is refelcted when you create the firewall exception for the 'Windows Remote Management' Group in group policy. It creates 2 rules, one for backwards compatibility. If you were to create the GPO using the 2008 GPMC, this would not be the case as you only get one rule created for port 80. | ||
| + | |||
| + | As a security measure, I also configured the trusted host list (the IP addreses of the computers that can initate connections to the WinRM service) | ||
| + | |||
| + | Computer Configuration / Policies / Administrative Templates / Windows Components / Windows Remote Management (WinRM) / WinRM Client / Trusted Hosts | ||
| + | |||
| + | TrustedHostsList: 10.1.1.*,10.2.2.* | ||
| + | |||
| + | |||
| + | Don't forget to run GPupdate /force to update the settings that bit quicker! | ||
| + | |||
| + | |||
| + | |||
| + | Zdroj: [[http://adadmin.blogspot.com/2009/09/enable-powershell-remoting-winrm-via.html]] | ||
| + | |||
windows/powershell.txt · Poslední úprava: 29.03.2010 14:57 autor: wladik