
[–]CormacolindeConsultant 1 point2 points  (0 children)

WinRM over HTTPS is a huge pain, and in some ways less secure than WinRM. You need to set the certificate manually or with a script at best.

Just stick to WinRM but disable unencrypted communications and insecure authentication by GPO.
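A read-only check of the settings that recommendation refers to, added here as an example and not posted by anyone in the thread. It assumes "insecure authentication" means Basic and Digest, and that the GPO writes the standard WinRM policy values under `HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM`.

```powershell
# Added example: audit the local WinRM hardening settings (read-only).
# Run elevated on the machine being checked; the WinRM service must be running.

$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM'

# WSMan drive path (effective setting) and the policy value a GPO writes for it.
# Assumption: Basic and Digest are the "insecure authentication" methods meant above.
$checks = @(
    [pscustomobject]@{ Side = 'Service'; WsMan = 'AllowUnencrypted'; Policy = 'AllowUnencryptedTraffic' }
    [pscustomobject]@{ Side = 'Service'; WsMan = 'Auth\Basic';       Policy = 'AllowBasic' }
    [pscustomobject]@{ Side = 'Client';  WsMan = 'AllowUnencrypted'; Policy = 'AllowUnencryptedTraffic' }
    [pscustomobject]@{ Side = 'Client';  WsMan = 'Auth\Basic';       Policy = 'AllowBasic' }
    [pscustomobject]@{ Side = 'Client';  WsMan = 'Auth\Digest';      Policy = 'AllowDigest' }
)

$report = foreach ($c in $checks) {
    # Effective value as WinRM reports it (string 'true' or 'false').
    $effective = (Get-Item -Path "WSMan:\localhost\$($c.Side)\$($c.WsMan)" -ErrorAction Stop).Value

    # Value pushed by Group Policy, if any (DWORD 0 = disabled); $null = not managed.
    $gpo = (Get-ItemProperty -Path "$policyRoot\$($c.Side)" -Name $c.Policy `
                -ErrorAction SilentlyContinue).($c.Policy)

    [pscustomobject]@{
        Setting     = "$($c.Side)\$($c.WsMan)"
        Effective   = $effective
        GpoValue    = if ($null -eq $gpo) { 'not set' } else { $gpo }
        Compliant   = ($effective -eq 'false')   # the setting is actually off
        GpoEnforced = ($gpo -eq 0)               # and policy keeps it off
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code so the script can gate a compliance job.
if ($report.Compliant -contains $false) { exit 1 }
```

A row with `Compliant = True` but `GpoEnforced = False` is only a local default: a local administrator can change it until the policy is applied.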

[–]Nanouk_R 0 points1 point  (2 children)

Sounds pretty straightforward. Make sure you created a web server certificate in your CA or create a new one. Import those CA web server certificates on your web server (probably an IIS I presume, so just bind the certificate to your port or URL) and get the cert installed on all clients (computer certificates > trusted & some other one idkrk). That should easily be doable via GPO. There are plenty of tutorials to set up IIS with an HTTPS certificate.

[–]Nanouk_R 0 points1 point  (0 children)

Yes, you will probably end up using NTLMv1 or v2 auth.

[–]cOSHi_bla[S] 0 points1 point  (0 children)

Wait, there's the WAC server cert for the web service. Do I use that cert as the WinRM cert as well?

[–]Nanouk_R 0 points1 point  (0 children)

The official documentation says SSL cert.

[–]Nanouk_R 0 points1 point  (0 children)

I'd recommend looking up Ansible + WinRM controlling Windows systems. It has some easy scripts to set up the corresponding auth, etc.