[置顶] PowerShell的学习笔记(4)---- 如何在使用Enter-PSSession的时候解决TrustedHosts list的问题?

标签: PowerShellWinRM5985TrustedHosts
544人阅读 评论(0) 收藏 举报
分类:

我们有的时候,不能直接远程桌面登录另外一台Window机器,这个时候可以使用Enter-PSSession命令,通过PowerShell终端等到远程的Window机器,这个时候,就需要被访问的机器打开5985 或者5986 端口。 默认情况下,Window 2008 Server或者Window 2012 Server会自动默认开启WinRM的服务器,从而暴露5985或者5986端口; 但是如果所有的机器在一个域里面的话,http(5985端口)的方式就能直接访问,否则必须启用https(5986端口)的方式,在调用的过程中可能会遇到下面的错误:



解决方案就是,在执行Enter-PSSession命令的这端(注意不是目标机器一端)执行下面的命令:

Set-Item wsman:\localhost\Client\TrustedHosts -value 192.168.2.*

调用完之后,Enter-Session就能登录到远程的机器上去了。



下面在附上一些配置目标节点WinRM的命令:

1. Winrm

winrm
winrm help auth
winrm help uris How to construct resource URIs.
winrm help aliases Abbreviations for URIs.
winrm help config Configuring WinRM client and service settings.
winrm help certmapping Configuring client certificate access.
winrm help remoting How to access remote machines.
winrm help auth Providing credentials for remote access.
winrm help input Providing input to create, set, and invoke.
winrm help switches Other switches such as formatting, options, etc.
winrm help proxy Providing proxy information.

2. winrm get winrm/config/client

3. 如果上面的Auth schema的basic为false,我们可以通过下面的方式修改(cmd窗口中)

winrm set winrm/config/client/Auth @{Basic="true"}
winrm set winrm/config/service @{AllowUnencrypted="true"}
winrm set winrm/config/client @{AllowUnencrypted="true"}
winrm set winrm/config/client @{TrustedHosts="*"}

4.设置HTTPS的默认端口(在Powershell中为无效的命令,但是在CMD中可以生效)

winrm set winrm/config/client/DefaultPorts @{HTTPS="443"}
在PowerShell窗口中,需要加上单引号 ‘’
winrm set winrm/config/client/DefaultPorts @{HTTPS="443"}


5. 需要在cmd窗口,而不是PowerShell窗口

winrm set winrm/config/client @{TrustedHosts="*"}
在PowerShell窗口中,需要加上单引号
winrm set winrm/config/client ‘@{TrustedHosts=”*”}’
winrm set winrm/config/service ‘@{EnableCompatibilityHttpListener="true"}'

6.Set-WSManQuickConfig -SkipNetworkProfileCheck

When you connect your network, it gets set to Public, Private, or Domain. If the current profile is set to Public, Set-WSManQuickConfig will fail with that message. You can either change it (if the system will let you) or skip the profile check.

7. 查看winrm的配置

PS C:\DSC> winrm get winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = *
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = true
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647




1
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:384479次
    • 积分:6321
    • 等级:
    • 排名:第4065名
    • 原创:227篇
    • 转载:0篇
    • 译文:5篇
    • 评论:157条
    博客专栏