Error rendering macro 'rw-search'

null

Downloads

Versions Compared

Old Version 2

changes.mady.by.user lukas thoma

Saved on

compared with

New Version 3

changes.mady.by.user markus sablatnig [panagenda]

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

→ example is based for using a self-signed certificate on the Windows Host

Configuration

Enabling RemotePowerShell (unencrypted communication should not be allowed in this UseCase)

...

  • Enable-PSRemoting –force
  • set-item -force WSMan:\localhost\Service\Auth\Basic $true
  • set-item -force WSMan:\localhost\Client\AllowUnencrypted $false
  • set-item -force WSMan:\localhost\Service\AllowUnencrypted $false

 


Check if there are already Certificates in the Certificate Store (open Powershell on Host)

...

you should get a list of certificates back (otherwise the list is just empty)

 


Import Certificate (with PowerShell) - CER

...

you should get something like this

 


For PFX, use the command

Import-PfxCertificate -FilePath "<path to pfx>" -CertStoreLocation Cert:\LocalMachine\My -Verbose 


Create Self Signed Certificate

  • New-SelfSignedCertificate -DnsName <hostname> -CertStoreLocation Cert:\LocalMachine\My

...

 



Now we have imported or created a selfsigned certificate which can be used for the Remote PS Call

 


Next Steps explain how you connect the certificate with the WS-MAN remoting

 


Copy  the correct Thumbprint from Store

  • Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint -AutoSize
  • copy the ThumbPrint you want to use

...


Open command prompt (with cmd)

    • winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="<hostname>"; CertificateThumbprint="<your thumbprint >"}

 


This binds now the certificate with HTTPS on the Host

Please adjust the Address and Hostname parameter based on your needs! If you use a Wildcard SSL certificated, make sure that hostname is equal the CN name in the certificate

 


In case a listener with the same Address and HTTPS is configured, please make sure you clean it up first

...

  • winrm delete winrm/config/Listener?Address=*+Transport=HTTPS

 

 



Inbound Firewall Setting

Make sure that Inbound connection to TCP Port 5986 is allowed on the Windows Host ! 


Last Step is the GreenLight Config

The Only thing which you need to do is to configure the right Authentication Profile

Use https as the protocol and Port 5986

 


Test the Connection ....If everything is correct, you should get a "Success Message" back

 


Assign this Authentication Profile now to an Windows Host within GreenLight