运行环境
Windows 2012 R2
1. Windows需要打开WinRM服务,Server系统默认打开,默认端口5985
# WinRM服务查看 PS C:\Users\Administrator> winrm enumerate winrm/config/listener Listener Address = * Transport = HTTP Port = 5985 Hostname Enabled = true URLPrefix = wsman CertificateThumbprint ListeningOn = 127.0.0.1, 172.16.1.101, ::1
2. 开启远程管理权限
PS C:\Users\Administrator> winrm quickconfig 已在此计算机上运行 WinRM 服务。 WinRM 没有设置成为了管理此计算机而允许对其进行远程访问。 必须进行以下更改: 配置 LocalAccountTokenFilterPolicy 以远程向本地用户授予管理权限。 执行这些更改吗[y/n]? y WinRM 已经进行了更新,以用于远程管理。 已配置 LocalAccountTokenFilterPolicy 以远程向本地用户授予管理权限。
3. 配置基本验证服务
# 遇到坑 PS C:\Users\Administrator> winrm set winrm/config/service/auth @{Basic="true"} 错误: Invalid use of command line. Type "winrm -?" for help. # 这个才是正确的 PS C:\Users\Administrator> winrm set winrm/config/service/auth ‘@{Basic="true"}‘ Auth Basic = true Kerberos = true Negotiate = true Certificate = false CredSSP = false CbtHardeningLevel = Relaxed
4. 配置非加密服务
PS C:\Users\Administrator> winrm set winrm/config/service ‘@{AllowUnencrypted="true"}‘ Service RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD) MaxConcurrentOperations = 4294967295 MaxConcurrentOperationsPerUser = 1500 EnumerationTimeoutms = 240000 MaxConnections = 300 MaxPacketRetrievalTimeSeconds = 120 AllowUnencrypted = true Auth Basic = true Kerberos = true Negotiate = true Certificate = false CredSSP = false CbtHardeningLevel = Relaxed DefaultPorts HTTP = 5985 HTTPS = 5986 IPv4Filter = * IPv6Filter = * EnableCompatibilityHttpListener = false EnableCompatibilityHttpsListener = false CertificateThumbprint AllowRemoteAccess = true
[Windows]远程管理服务WinRM远程管理Windows服务器 Invalid use of command line. Type "winrm -?" for help.