From c52ae15e07ae8cc6c25181f42f0334b3f11dc1d9 Mon Sep 17 00:00:00 2001
From: Nicole Rappe
Date: Wed, 31 Jul 2024 18:52:16 -0600
Subject: [PATCH] Add Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md
---
 .../AWX/AWX Operator/Enable Kerberos WinRM.md | 40 +++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md
diff --git a/Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md b/Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md
new file mode 100644
index 0000000..ed1ca91
--- /dev/null
+++ b/Docker & Kubernetes/Servers/AWX/AWX Operator/Enable Kerberos WinRM.md
@@ -0,0 +1,40 @@
+**Purpose**: You will need to enable secure WinRM management of the Windows devices you are running playbooks against, as compared to the Linux devices. The following powershell script needs to be ran on every Windows device you intend to run Ansible playbooks on:
+
+``` powershell
+# Script to configure WinRM over HTTPS on the Hyper-V host
+
+# Ensure WinRM is enabled
+Write-Host "Enabling WinRM..."
+winrm quickconfig -force
+
+# Generate a self-signed certificate (Optional: Use your certificate if you have one)
+$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "hyperv-host.local"
+$certThumbprint = $cert.Thumbprint
+
+# Delete existing HTTPS listener if it exists
+Write-Host "Removing existing HTTPS listener if it exists..."
+$existingListener = (winrm enumerate winrm/config/listener | Select-String -Pattern "Transport=HTTPS")
+if ($existingListener) {
+ winrm delete winrm/config/Listener?Address=*+Transport=HTTPS
+}
+
+# Create a new HTTPS listener
+Write-Host "Creating a new HTTPS listener..."
+$listenerCmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"hyperv-host.local`"; CertificateThumbprint=`"$certThumbprint`"}'"
+Invoke-Expression $listenerCmd
+
+# Set TrustedHosts to allow connections from the Ansible control node
+# Replace "ansible_control_node_ip" with the IP address of your Ansible control node
+$trustedHosts = "ansible_control_node_ip"
+Write-Host "Setting TrustedHosts to $trustedHosts..."
+winrm set winrm/config/client '@{TrustedHosts="' + $trustedHosts + '"}'
+
+# Enable the firewall rule for WinRM over HTTPS
+Write-Host "Enabling firewall rule for WinRM over HTTPS..."
+$existingFirewallRule = Get-NetFirewallRule -DisplayName "WinRM HTTPS" -ErrorAction SilentlyContinue
+if (-not $existingFirewallRule) {
+ New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP-PUBLIC" -DisplayName "WinRM HTTPS" -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5986 -RemoteAddress Any -Action Allow
+}
+
+Write-Host "Configuration complete. The Hyper-V host is ready for remote management over HTTPS."
+```
\ No newline at end of file
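Review bot: The firewall rule near the end of the script opens TCP 5986 with `-RemoteAddress Any`, so the HTTPS listener is reachable from every network the host sits on, and nothing else in the script limits who may connect. The `TrustedHosts` step does not provide that limit: it is a WinRM client setting that governs which remote hosts this machine will connect to, and as written the `+` tokens are likely passed to `winrm` as separate arguments rather than concatenated. I would scope the rule to the control node with `-RemoteAddress $trustedHosts` and drop or reword the TrustedHosts block and its comment. The page title mentions Kerberos, but the script only creates an HTTPS listener with a self-signed certificate for the fixed name `hyperv-host.local`, so the text should state which authentication the playbooks are expected to use and that the `-DnsName` value must match each host.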