一. windows server需要打开winrm服务
PS C:UsersAdministrator> winrm enumerate winrm/config/listener
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 127.0.0.1, 172.16.1.101, ::1
二. 开启远程管理权限
PS C:UsersAdministrator> winrm quickconfig
已在此计算机上运行 WinRM 服务。
WinRM 没有设置成为了管理此计算机而允许对其进行远程访问。
必须进行以下更改:
配置 LocalAccountTokenFilterPolicy 以远程向本地用户授予管理权限。
执行这些更改吗[y/n]? y
WinRM 已经进行了更新,以用于远程管理。
已配置 LocalAccountTokenFilterPolicy 以远程向本地用户授予管理权限。
三. 配置基本验证服务
# 遇到坑
PS C:UsersAdministrator> winrm set winrm/config/service/auth @{Basic="true"}
错误: Invalid use of command line. Type "winrm -?" for help.
# 这个才是正确的
PS C:UsersAdministrator> winrm set winrm/config/service/auth '@{Basic="true"}'
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
四. 配置非加密服务
PS C:UsersAdministrator> winrm set winrm/config/service '@{AllowUnencrypted="true"}'
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true