PowerShell的学习笔记(4)---- 如何在使用Enter-PSSession的时候解决TrustedHosts list的问题？

来源：互联网发布：淘宝退款怎么退一部分编辑：程序博客网时间：2024/06/05 14:13

我们有的时候，不能直接远程桌面登录另外一台Window机器，这个时候可以使用Enter-PSSession命令，通过PowerShell终端等到远程的Window机器，这个时候，就需要被访问的机器打开5985 或者5986 端口。默认情况下，Window 2008 Server或者Window 2012 Server会自动默认开启WinRM的服务器，从而暴露5985或者5986端口；但是如果所有的机器在一个域里面的话，http（5985端口）的方式就能直接访问，否则必须启用https（5986端口）的方式，在调用的过程中可能会遇到下面的错误：

解决方案就是，在执行Enter-PSSession命令的这端（注意不是目标机器一端）执行下面的命令：

Set-Item wsman:\localhost\Client\TrustedHosts -value 192.168.2.*

调用完之后，Enter-Session就能登录到远程的机器上去了。

下面在附上一些配置目标节点WinRM的命令：

1. Winrm

  winrm 

  winrm help auth

  winrm help uris       How to construct resource URIs.

  winrm help aliases    Abbreviations for URIs.

  winrm help config     Configuring WinRM client and service settings.

  winrm help certmapping Configuring client certificate access.

  winrm help remoting   How to access remote machines.

  winrm help auth       Providing credentials for remote access.

  winrm help input      Providing input to create, set, and invoke.

  winrm help switches   Other switches such as formatting, options, etc.

  winrm help proxy      Providing proxy information.

2. winrm get winrm/config/client

3. 如果上面的Auth schema的basic为false，我们可以通过下面的方式修改（cmd窗口中）

winrm set winrm/config/client/Auth @{Basic="true"}

winrm set winrm/config/service @{AllowUnencrypted="true"}

winrm set winrm/config/client @{AllowUnencrypted="true"}

winrm set winrm/config/client @{TrustedHosts="*"}

4.设置HTTPS的默认端口（在Powershell中为无效的命令，但是在CMD中可以生效）

winrm set winrm/config/client/DefaultPorts @{HTTPS="443"}

在PowerShell窗口中，需要加上单引号 ‘’
winrm set winrm/config/client/DefaultPorts ‘@{HTTPS="443"}’

5. 需要在cmd窗口，而不是PowerShell窗口

winrm set winrm/config/client @{TrustedHosts="*"}
在PowerShell窗口中，需要加上单引号
winrm set winrm/config/client ‘@{TrustedHosts=”*”}’
winrm set winrm/config/service ‘@{EnableCompatibilityHttpListener="true"}'

6.Set-WSManQuickConfig -SkipNetworkProfileCheckWhen you connect your network, it gets set to Public, Private, or Domain. If the current profile is set to Public, Set-WSManQuickConfig will fail with that message. You can either change it (if the system will let you) or skip the profile check.

7. 查看winrm的配置PS C:\DSC> winrm get winrm/config
Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = true
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts = *
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = true
        Auth
            Basic = true
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = true
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
        AllowRemoteAccess = true
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 2147483647
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 2147483647
        MaxMemoryPerShellMB = 2147483647
        MaxShellsPerUser = 2147483647

阅读全文

1 0