Shared Points

items of some interest

SharePoint - is WinRM configured for remotePS?

SharePoint - is WinRM configured for remotePS?


# WinRMcheck.ps1
# check the registry keys on the target server to see if WinRM has been configured.

# Strict mode: reading an uninitialised variable or a property that does not exist
# (including any property of $null) is an error instead of silently yielding $null.
Set-StrictMode -Version latest
# The script refuses to start unless the PowerShell session is elevated.
#Requires -RunAsAdministrator

# WinRM get winrm/config/client
# WinRM get winrm/config/service

# Server side requirements
# Service WinRM must be running
# The WinRM server configuration must have CredSSP enabled
# HKLM:\Software\Microsoft\Windows\CurrentVersion\WSMAN\Service\
# DWORD auth_credssp = 1
# Memory limits "should" be in place for WinRM client connections:
# HKLM:\Software\Microsoft\Windows\CurrentVersion\WSMAN\Client\
# MaxMemoryPerShellMB = 1000
#
# Client side requirements
# Service WinRM must be running
# The WinRM client configuration must have CredSSP enabled
# HKLM:\Software\Microsoft\Windows\CurrentVersion\WSMAN\Client\
# DWORD auth_credssp = 1
# Additional CredSSP configuration must be in place
# HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation
# DWORD AllowFreshCredentials = 1
# DWORD ConcatenateDefaults_AllowFresh = 1
# HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials
# 1 = * or name of the SP Server
#     (naming the SP server limits credential delegation to that host; * allows delegation to any server)

 

 
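function OpenAndShowKeyValues { Param ([string] $SubKeyPath, [string] $OutputText)
  # Report whether a registry subkey holds any values and, if it does, list them.
  #
  # $SubKeyPath - path of the subkey, relative to the hive held in $objReg.
  # $OutputText - label written in front of the (YES)/(NO) verdict.
  #
  # $objReg is not a parameter: it is read from the caller's scope (WinRMcheck
  # assigns the remote LocalMachine hive to it before calling this function).
  # Everything is written to the output stream; an exception is emitted as text.
  $SubKey = $null
  try {
    $SubKey = $objReg.OpenSubKey($SubKeyPath)
    # OpenSubKey returns $null when the key does not exist. Under
    # Set-StrictMode -Version latest, reading .ValueCount on $null throws, so
    # without this test an absent key prints an error string instead of (NO).
    if (($null -ne $SubKey) -and $SubKey.ValueCount) {
      write-output "$OutputText (YES)"
      foreach ($vName in $SubKey.GetValueNames()) {
        [string]$vData = $SubKey.GetValue($vName)
        write-output " $vName = $vData"
      }
    }
    else {
      write-output "$OutputText (NO)"
    }
  }
  catch{"$_"}
  finally {
    # Release the registry handle on every path, including after an exception.
    if ($null -ne $SubKey) { $SubKey.Close() }
  }
}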

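function WinRMcheck { Param ($FarmServers)
  # For each server, report whether the WinRM service is installed and running
  # and list the WSMAN and CredSSP delegation values found in its HKLM hive.
  #
  # $FarmServers - one or more computer names to inspect.
  #
  # All results are text on the output stream. An exception raised while
  # querying one server is written as text and the loop continues with the next.
  $WSMANpath = "SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN"
  $AFCpath = "SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials"
  ForEach ($Server in $FarmServers) {
    $available = Test-Connection -ComputerName $Server -Quiet -Count 1
    if (!($available)) {
      # Say so explicitly: a server missing from the report is otherwise
      # indistinguishable from one that was never checked.
      write-output "$Server (no reply to ping, skipped)"
      continue
    }
    Write-output "$Server"

    # $objReg must keep this name: OpenAndShowKeyValues reads it from this scope.
    $objReg = $null
    $objRegKey = $null
    try {
      $WinRMsvc = Get-Service -ComputerName $Server | Where-Object { $_.Name -eq "WinRM" }
      if (!($WinRMsvc)) {
        write-output "WinRM feature not installed"
      }
      elseif ($WinRMsvc.Status -ne "Running") {
        # Previously this case printed nothing at all.
        write-output "WinRM service is not running (status: $($WinRMsvc.Status))"
      }
      else {
        # Remote registry access; this fails (and is reported by the catch below)
        # if the target does not allow remote registry connections.
        $objReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine',$Server)
        $objRegKey = $objReg.OpenSubKey($WSMANpath)
        if ($null -eq $objRegKey) {
          # OpenSubKey returns $null for an absent key; under strict mode the
          # .ValueCount read below would throw instead of giving a clear answer.
          write-output " WSMAN registry key not found"
        }
        elseif ($objRegKey.ValueCount) {
          OpenAndShowKeyValues "$WSMANpath\Listener" " WSMAN Listener configured"
          OpenAndShowKeyValues "$WSMANpath\Client" " WSMAN Client configured"
          OpenAndShowKeyValues "$WSMANpath\Service" " WSMAN Service configured"

          # Now check whether this was run on the machine:
          #   Enable-WSManCredSSP -role client -delegateComputer [namegoeshere]
          #
          # Review the values listed here. Each one names a target that may
          # receive the user's delegated credentials; a wildcard entry allows
          # delegation to any host, so entries naming the specific server are
          # the safer configuration.
          OpenAndShowKeyValues "$AFCpath" " CredSSP delegates"
        }
      }
    }
    catch{"$_"}
    finally {
      # Release the remote registry handles for this server on every path.
      if ($null -ne $objRegKey) { $objRegKey.Close() }
      if ($null -ne $objReg) { $objReg.Close() }
    }
  }
}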

 

# Servers to inspect; the names below are the author's examples - replace them with your own.
WinRMcheck -FarmServers "MyDC","MyTOOLS","MySQL2K12","MySP14"

Comments
  • Very good information. Thank sharing.
