Update Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md

Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md

@@ -40,7 +40,7 @@ Write-Host "Creating a new HTTPS listener..."
 $listenerCmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"hyperv-host.local`"; CertificateThumbprint=`"$certThumbprint`"}'"
 Invoke-Expression $listenerCmd
 
-# Set TrustedHosts to allow connections from any IP address
+# Set TrustedHosts to allow connections from any IP address (adjust as needed for security)
 Write-Host "Setting TrustedHosts to allow any IP address..."
 winrm set winrm/config/client '@{TrustedHosts="*"}'
 
@@ -51,5 +51,21 @@ if (-not $existingFirewallRule) {
     New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP-PUBLIC" -DisplayName "WinRM HTTPS" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5986 -RemoteAddress Any -Action Allow
 }
 
-Write-Host "Configuration complete. The Hyper-V host is ready for remote management over HTTPS."
+# Ensure Kerberos authentication is enabled
+Write-Host "Enabling Kerberos authentication for WinRM..."
+winrm set winrm/config/service/auth '@{Kerberos="true"}'
+
+# Configure the WinRM service to use HTTPS and Kerberos
+Write-Host "Configuring WinRM service to use HTTPS and Kerberos..."
+winrm set winrm/config/service '@{AllowUnencrypted="false"; MaxMemoryPerShellMB="1024"; MaxProcessesPerShell="25"; MaxConcurrentUsers="10"; MaxShellsPerUser="30"}'
+
+# Configure the WinRM client to use Kerberos
+Write-Host "Configuring WinRM client to use Kerberos..."
+winrm set winrm/config/client/auth '@{Kerberos="true"}'
+
+# Ensure the PowerShell execution policy is set to allow running scripts
+Write-Host "Setting PowerShell execution policy to RemoteSigned..."
+Set-ExecutionPolicy RemoteSigned -Force
+
+Write-Host "Configuration complete. The Hyper-V host is ready for remote management over HTTPS with Kerberos authentication."
 ```