Users Guide
The Enable-PSRemoting command also starts a WS-Man listener, but only for HTTP.
Enable-PSRemoting -SkipNetworkProfileCheck -Force
1. If you do not want anyone to connect to the server over HTTP, run the following command to remove the HTTP listener:
Get-ChildItem WSMan:\Localhost\listener | Where -Property Keys -eq "Transport=HTTP" |
Remove-Item -Recurse
2. Remove all WS-Man listeners so that a new HTTPS listener can be added:
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
3. Add the WS-Man HTTPS listener:
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force
Note: The thumbprint is read from the $Cert variable defined earlier. This variable lets the New-Item cmdlet locate the certificate in the certificate store.
4. Add the firewall rule:
New-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)" -Name "Windows Remote Management (HTTPS-In)" -Profile Any -LocalPort 5986 -Protocol TCP
5. Verify the settings by running the following command:
C:\Windows\system32>winrm g winrm/config
Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = false
        Auth
            Basic = true
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = true
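The checks below are an added example, not part of the original guide: a PowerShell function that audits the result of steps 1 to 5 on the configured server. It assumes an elevated session and that the listener certificate is in the LocalMachine\My store; the function name Test-WinRmHttpsListener and the 30-day expiry threshold are hypothetical choices.

```powershell
# Added example (not from the guide): audit the listener setup from steps 1-5.
# Assumes an elevated session on the server that was configured.
function Test-WinRmHttpsListener {   # hypothetical name
    $findings = @()
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate)

    # Step 1: an HTTP listener left behind still answers on port 5985.
    if ($listeners | Where-Object { $_.Transport -eq 'HTTP' }) {
        $findings += 'HTTP listener is still present'
    }

    # Step 3: every HTTPS listener must point at a usable certificate.
    $https = @($listeners | Where-Object { $_.Transport -eq 'HTTPS' })
    if ($https.Count -eq 0) { $findings += 'No HTTPS listener found' }
    foreach ($l in $https) {
        $thumb = $l.CertificateThumbprint -replace '\s', ''
        # Assumption: the certificate is in the LocalMachine\My store.
        $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
        if (-not $cert) {
            $findings += "Thumbprint $thumb not found in LocalMachine\My"
        } elseif (-not $cert.HasPrivateKey) {
            $findings += "Certificate $thumb has no private key"
        } elseif ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
            # Constructed threshold: warn when fewer than 30 days remain.
            $findings += "Certificate $thumb expires on $($cert.NotAfter.ToString('yyyy-MM-dd'))"
        }
    }

    # Step 5: Service settings that appear in the winrm g winrm/config output.
    if ((Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value -ne 'false') {
        $findings += 'Service AllowUnencrypted is not false'
    }
    if ((Get-Item WSMan:\localhost\Service\Auth\Basic).Value -eq 'true') {
        $findings += 'Service Basic authentication is enabled; confirm it is required'
    }

    # Step 4: the rule for TCP 5986 must exist and be enabled.
    $rule = Get-NetFirewallRule -Name 'Windows Remote Management (HTTPS-In)' -ErrorAction SilentlyContinue
    if (-not $rule -or $rule.Enabled -ne 'True') {
        $findings += 'Firewall rule "Windows Remote Management (HTTPS-In)" is missing or disabled'
    }
    $findings
}

$result = @(Test-WinRmHttpsListener)
if ($result.Count) { $result | ForEach-Object { Write-Warning $_ } } else { 'WinRM HTTPS listener checks passed' }
```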
Discovering devices to monitor or manage