Shared Points

items of some interest

SharePoint - is WinRM configured for remotePS?

SharePoint - is WinRM configured for remotePS?

  • Comments 1
  • Likes

# WinRMcheck.ps1
# check the registry keys on the target server to see if WinRM has been configured.
#
#
# WinRM get winrm/config/client
# WinRM get winrm/config/service


# Server side requirements
#    Service WinRM must be running
#   The WinRM server configuration must have credssp enabled
#     HKLM:\Software\Microsoft\WIndows\CurrentVersion\WSMAN\Service\
#       DWORD auth_credssp = 1
#       Memory limits “should” be in place for WinRM client connections:
#     HKLM:\Software\Microsoft\WIndows\CurrentVersion\WSMAN\Client\
#      MaxMemoryPerShellMB = 1000
#
# Client side requirements
#   Service WinRM must be running
#   The WinRM client configuration must have credssp enabled
#     HKLM:\Software\Microsoft\WIndows\CurrentVersion\WSMAN\Client\
#       DWORD auth_credssp = 1
#   Additional CredSSP configuration must be configured
#     HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation
#       DWORD AllowFreshCredentials = 1
#       DWORD ConcatenateDefaults_AllowFresh = 1
#    HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials
#       1 = * or name of the SP Server

$myfarm="MyDC","MyTOOLS","MyEX2K10","MySQL2K5","MySQL2K8","MySQL2K12","MySP12","MySP14"

function OpenAndShowKeyValues { Param ([string] $SubKeyPath, [string] $OutputText)
  $SubKey = $objReg.OpenSubKey($SubKeyPath)
  if ($SubKey.ValueCount) {
      write-output "$OutputText"
      $vNames = $SubKey.GetValueNames()
      foreach ($vName in $vNames) {
         [string]$vData = $SubKey.GetValue($vName)
         write-output "   $vName = $vData"
      }
  }
}

function WinRMcheck { Param ($FarmServers)

  $WSMANpath    = "SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN"
  $AFCpath      = "SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials"

  ForEach ($Server in $FarmServers) {
    $available = Test-Connection -ComputerName $Server -Quiet -Count 1
    if ($available) {
      Write-output "$Server"
      $WinRMsvc = Get-Service -ComputerName $Server | where { $_.Name -eq "WinRM"}
      if (!($WinRMsvc)) {
        write-output "WinRM feature not installed"
      }
      else {
        if ($WinRMsvc.Status -eq "Running") {
         $objReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine',$Server)
         $objRegKey= $objReg.OpenSubKey($WSMANpath)
         if ($objRegKey.ValueCount) {
           OpenAndShowKeyValues "$WSMANpath\Listener" "  WSMAN Listener configured"
           OpenAndShowKeyValues "$WSMANpath\Client"   "  WSMAN Client configured"
           OpenAndShowKeyValues "$WSMANpath\Service"  "  WSMAN Service configured"
#
#          now check if they had done
#          Enable-WSManCredSSP -role client -delegateComputer [namegoeshere]
#
           OpenAndShowKeyValues "$AFCpath" "  CredSSP delegates"
         }
        }
      }
     }
    }
}

WinRMcheck $myFarm

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment