diff --git a/Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md b/Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md
index 85dfcca..cc38a70 100644
--- a/Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md
+++ b/Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md
@@ -40,7 +40,7 @@ Write-Host "Creating a new HTTPS listener..."
 $listenerCmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"hyperv-host.local`"; CertificateThumbprint=`"$certThumbprint`"}'"
 Invoke-Expression $listenerCmd
 
-# Set TrustedHosts to allow connections from any IP address
+# Set TrustedHosts to allow connections from any IP address (adjust as needed for security)
 Write-Host "Setting TrustedHosts to allow any IP address..."
 winrm set winrm/config/client '@{TrustedHosts="*"}'
 
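Review bot: The reworded comment above `winrm set winrm/config/client '@{TrustedHosts="*"}'` still describes the setting as allowing connections from any IP address, which is not what it does. TrustedHosts is a WinRM client setting: it lists the remote hosts this machine will connect to without authenticating the server, and it does not decide who may connect in. With `*` the host's outbound WinRM sessions skip that check for every destination, and Kerberos does not consult the list at all. I would either drop the line or narrow it and say so in the comment, e.g. `# TrustedHosts is client-side (outbound, non-Kerberos) only; not needed for Kerberos - leave unset or list specific hosts`. The surrounding script starts and ends outside this hunk, so whether anything later depends on the wildcard cannot be confirmed from here.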
@@ -51,5 +51,21 @@ if (-not $existingFirewallRule) {
 New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP-PUBLIC" -DisplayName "WinRM HTTPS" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5986 -RemoteAddress Any -Action Allow
 }
 
-Write-Host "Configuration complete. The Hyper-V host is ready for remote management over HTTPS."
+# Ensure Kerberos authentication is enabled
+Write-Host "Enabling Kerberos authentication for WinRM..."
+winrm set winrm/config/service/auth '@{Kerberos="true"}'
+
+# Configure the WinRM service to use HTTPS and Kerberos
+Write-Host "Configuring WinRM service to use HTTPS and Kerberos..."
+winrm set winrm/config/service '@{AllowUnencrypted="false"; MaxMemoryPerShellMB="1024"; MaxProcessesPerShell="25"; MaxConcurrentUsers="10"; MaxShellsPerUser="30"}'
+
+# Configure the WinRM client to use Kerberos
+Write-Host "Configuring WinRM client to use Kerberos..."
+winrm set winrm/config/client/auth '@{Kerberos="true"}'
+
+# Ensure the PowerShell execution policy is set to allow running scripts
+Write-Host "Setting PowerShell execution policy to RemoteSigned..."
+Set-ExecutionPolicy RemoteSigned -Force
+
+Write-Host "Configuration complete. The Hyper-V host is ready for remote management over HTTPS with Kerberos authentication."
 ```
\ No newline at end of file
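Review bot: The added `winrm set winrm/config/service` line combines `AllowUnencrypted` with `MaxMemoryPerShellMB`, `MaxProcessesPerShell`, `MaxConcurrentUsers` and `MaxShellsPerUser`, which as far as I know belong under `winrm/config/winrs`, so the command will probably be rejected and `AllowUnencrypted="false"` never applied. No exit code is checked after any `winrm` call, so the final "Configuration complete" message prints either way. I would split it into `winrm set winrm/config/service '@{AllowUnencrypted="false"}'` and `winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"; MaxProcessesPerShell="25"; MaxConcurrentUsers="10"; MaxShellsPerUser="30"}'`, each followed by `if ($LASTEXITCODE -ne 0) { throw "winrm set failed" }`. Setting `Kerberos="true"` also only enables Kerberos and leaves the other mechanisms as they were; if the closing message is meant literally, set `Basic="false"` under `winrm/config/service/auth` as well. `Set-ExecutionPolicy RemoteSigned -Force` changes a machine-wide policy that the listener does not appear to need, so it deserves a comment explaining why, or removal.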