一. windows server需要打開winrm服務
PS C:\Users\Administrator> winrm enumerate winrm/config/listener Listener Address = * Transport = HTTP Port = 5985 Hostname Enabled = true URLPrefix = wsman CertificateThumbprint ListeningOn = 127.0.0.1, 172.16.1.101, ::1
二. 開啟遠程管理權限
PS C:\Users\Administrator> winrm quickconfig 已在此計算機上運行 WinRM 服務。 WinRM 沒有設置成為了管理此計算機而允許對其進行遠程訪問。 必須進行以下更改: 配置 LocalAccountTokenFilterPolicy 以遠程向本地用戶授予管理權限。 執行這些更改嗎[y/n]? y WinRM 已經進行了更新,以用於遠程管理。 已配置 LocalAccountTokenFilterPolicy 以遠程向本地用戶授予管理權限。
三. 配置基本驗證服務
# 遇到坑 PS C:\Users\Administrator> winrm set winrm/config/service/auth @{Basic="true"} 錯誤: Invalid use of command line. Type "winrm -?" for help. # 這個才是正確的 PS C:\Users\Administrator> winrm set winrm/config/service/auth '@{Basic="true"}' Auth Basic = true Kerberos = true Negotiate = true Certificate = false CredSSP = false CbtHardeningLevel = Relaxed
四. 配置非加密服務
PS C:\Users\Administrator> winrm set winrm/config/service '@{AllowUnencrypted="true"}' Service RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD) MaxConcurrentOperations = 4294967295 MaxConcurrentOperationsPerUser = 1500 EnumerationTimeoutms = 240000 MaxConnections = 300 MaxPacketRetrievalTimeSeconds = 120 AllowUnencrypted = true Auth Basic = true Kerberos = true Negotiate = true Certificate = false CredSSP = false CbtHardeningLevel = Relaxed DefaultPorts HTTP = 5985 HTTPS = 5986 IPv4Filter = * IPv6Filter = * EnableCompatibilityHttpListener = false EnableCompatibilityHttpsListener = false CertificateThumbprint AllowRemoteAccess = true