WinRM - Windows Remote Management (Part 1 - Ansible Windows Automation)

May 16, 2021 - Reading time: 46 minutes

WinRM - Windows Remote Management (Ansible Windows Automation)

Check whether WinRM is running via PowerShell (elevated):

dir wsman:\localhost\listener

In my case, WinRM with HTTP is running.

Remove the existing WinRM listeners via PowerShell:

For HTTP:

dir WSMan:\Localhost\listener | where Keys -eq "Transport=HTTP" | Remove-Item -Recurse

For HTTPS:

dir WSMan:\Localhost\listener | where Keys -eq "Transport=HTTPS" | Remove-Item -Recurse


Generate a self-signed certificate for the server:

First, check the hostname via PowerShell; it will be the CN/DNS name for the certificate:


Create a certificate for the host via PowerShell:

Important: in my lab setup, the client was Windows 10 German with German time and the server was Windows Server 2019 Std. English with UTC time. This caused a problem with using server certificates, which were created on the server and were not valid on the clients until I changed the server time to UTC+01 Berlin.

$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName $env:COMPUTERNAME

You can check that the certificate was created in the Windows certlm console:



Start the WinRM listener with HTTPS and the valid certificate via PowerShell:

New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

Check if the service is running:

dir wsman:\localhost\listener

Add an inbound rule to the Windows Firewall (port 5986):

New-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)" -Name "Windows Remote Management (HTTPS-In)" -Profile Any -LocalPort 5986 -Protocol TCP


Exporting the Certificate for the automation servers:

Export-Certificate -Cert $Cert -FilePath C:\$env:COMPUTERNAME.der


Move the certificate to your Windows client and import it via PowerShell (elevated):

Import-Certificate -Filepath "<directory of your cert.der>" -CertStoreLocation "Cert:\LocalMachine\Root"

Test the connection to the server via PowerShell.
Keep in mind to add the hostname to your hosts file if the server is not in your DNS or is behind a VPN:

Enter-PSSession -ComputerName <DNS Hostname> -UseSSL -Credential (Get-Credential)

After typing in your credentials, you have access to the PowerShell of the remote server.

You can use this command with the credentials on the command line if your security policies allow passwords to stay in the shell history:

winrs -r:https://<DNS Hostname>:5986/wsman -u:<Username> -p:<Password> ipconfig
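
A server-side check of the steps above (listener, certificate, firewall rule), as an added example that is not part of the original post. It assumes the certificate was created with -DnsName $env:COMPUTERNAME and the firewall rule name used above; Test-WinRMHttpsSetup is a hypothetical helper name.

```powershell
# Added example: run elevated on the server after the setup steps.
function Test-WinRMHttpsSetup {
    param(
        [string]$DnsName  = $env:COMPUTERNAME,                      # assumption: name passed to -DnsName
        [string]$RuleName = 'Windows Remote Management (HTTPS-In)'  # rule name used on this page
    )
    $findings  = @()
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate)

    # The procedure removes the HTTP listener; report it if one is still there.
    if ($listeners | Where-Object { $_.Transport -eq 'HTTP' }) { $findings += 'HTTP listener still present' }

    $https = $listeners | Where-Object { $_.Transport -eq 'HTTPS' } | Select-Object -First 1
    if (-not $https) { return $findings + 'No HTTPS listener configured' }

    # The listener stores only a thumbprint; resolve it to the certificate in the machine store.
    $tp   = ($https.CertificateThumbprint -replace '\s', '').ToUpper()
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$tp" -ErrorAction SilentlyContinue
    if (-not $cert) { return $findings + "Listener thumbprint $tp not found in Cert:\LocalMachine\My" }

    # Clients reject a certificate whose validity window does not include their current time.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $findings += "Certificate not valid now (valid $($cert.NotBefore) to $($cert.NotAfter))"
    }
    if (-not $cert.HasPrivateKey) { $findings += 'Certificate has no private key' }
    if ($cert.DnsNameList.Unicode -notcontains $DnsName) {
        $findings += "Certificate DNS names do not include $DnsName"
    }
    # Server Authentication EKU; an empty EKU list means the certificate is not restricted.
    $eku = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    if ($eku.Count -gt 0 -and $eku -notcontains '1.3.6.1.5.5.7.3.1') {
        $findings += 'Certificate lacks the Server Authentication EKU'
    }

    # The rule must exist, be enabled, be inbound, and cover the listener port (ranges not parsed).
    $rule = Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue
    if (-not $rule -or $rule.Enabled -ne 'True' -or $rule.Direction -ne 'Inbound') {
        $findings += "Firewall rule '$RuleName' missing, disabled or not inbound"
    } else {
        $ports = @(($rule | Get-NetFirewallPortFilter).LocalPort)
        if ($ports -notcontains 'Any' -and $ports -notcontains $https.Port) {
            $findings += "Firewall rule does not cover listener port $($https.Port)"
        }
    }
    return $findings
}

$result = @(Test-WinRMHttpsSetup)
if ($result.Count) { $result | ForEach-Object { Write-Warning $_ } } else { 'Listener, certificate and firewall rule are consistent' }
```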


Proxmox VE Bootable USB Stick - Rufus 3.13

April 19, 2021 - Reading time: ~1 minute

Proxmox is a shareware alternative to VMware that is pretty quickly installed on existing servers; in my case it is a DELL 210ii.

To create a bootable stick you have to select some options, for example the DD mode in Rufus.

  1. Select the "USB Festplatten anzeigen" (List USB Hard Drives) option to be able to select the USB stick
  2. Select the USB stick
  3. Select the image from Proxmox VE
  4. Press Start

In the following step you can select the required DD mode for creating the USB stick; this is mandatory.


2FA - With Yubikey and Authenticator "App"

March 21, 2021 - Reading time: ~1 minute

Just a hint for everyone who uses 2FA and MFA with TOTP via mobile phone: if you have a YubiKey, check out the yubico-authenticator. Link: