3

I have three Windows 2008 R2 servers: DEV, UAT and Live. I am deploying web apps between these servers, including IIS setup and config and database backup and restore, via a PowerShell script. I use a PowerShell remote session. I would like to prevent any machine, other than my deployment machine, from creating a PowerShell remote session on the host, even if the user is authenticated. Is this possible?

I have looked extensively through the PSRemoting documentation and can't find anything helpful.

Thanks in advance

Dave Blue

2 Answers

2

Read the link below to better understand what needs to be done, but I think you need to set the trusted host on the remote servers.

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2008/02/23/remotely-managing-your-server-core-using-winrm-and-winrs.aspx

This is an excerpt from the blog.

On the Windows Server Core box

Run the following commands on the console of the Server Core box to lower security:

WinRM set winrm/config/service/auth @{Basic="true"}
WinRM set winrm/config/client @{TrustedHosts="<local>"} 
WinRM set winrm/config/client @{TrustedHosts="RemoteHost"}

Where RemoteHost is the host you want to be able to connect to the server.

jamason1983
  • Hi, thanks for the reply. TrustedHosts is used to prevent you from connecting to malicious machines and passing your credentials, not to prevent malicious clients from connecting to you. http://powershell.com/cs/media/p/7257.aspx#windows-powershell-remoting-technologies – Dave Blue Mar 03 '11 at 20:39
1

You can also use certificate-based authentication.

http://blogs.msdn.com/b/wmi/archive/2009/03/23/how-to-use-wsman-config-provider-for-certificate-authentication.aspx

If you only want your computer to be able to connect, install the certificate on your computer and don't give it to anyone else.

mjolinor
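The certificate-based setup suggested in the answer above, written out with the WSMan: config provider as an added example (it is not code from either answer or from the linked posts). The thumbprints, certificate subject and host name are placeholders, and it assumes an HTTPS listener and an issued client certificate already exist.

```powershell
# --- On each target server (DEV, UAT, Live), in an elevated PowerShell session ---

# Placeholders (assumptions, replace with your own values):
$IssuerThumbprint = '<THUMBPRINT-OF-ISSUING-CA-CERT>'  # CA certificate trusted by the server
$ClientSubject    = 'deploy@example.local'              # subject/UPN carried by the client certificate
$MappedAccount    = Get-Credential                      # local account the certificate will act as

# Certificate authentication is only offered over HTTPS, so stop early
# if the server has no HTTPS listener configured.
$https = Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTPS' }
if (-not $https) {
    throw 'No WinRM HTTPS listener found; create one before enabling certificate authentication.'
}

# Turn certificate authentication on, and turn Basic back off
# (the excerpt in the first answer enables it).
Set-Item WSMan:\localhost\Service\Auth\Certificate -Value $true
Set-Item WSMan:\localhost\Service\Auth\Basic       -Value $false

# Map the deployment machine's client certificate to the local account.
# Only a client holding the private key for a certificate matching this
# subject and issuer can authenticate through this mapping.
New-Item -Path WSMan:\localhost\ClientCertificate `
         -Subject $ClientSubject `
         -URI * `
         -Issuer $IssuerThumbprint `
         -Credential $MappedAccount `
         -Force

# Review what is still enabled. Any other mechanism left at "true" here
# (for example Kerberos or Negotiate) still admits authenticated users
# from other machines, independent of the certificate mapping.
Get-ChildItem WSMan:\localhost\Service\Auth
Get-ChildItem WSMan:\localhost\ClientCertificate

# --- On the deployment machine ---

# The client certificate (with its private key) lives in the user's
# certificate store on this machine only.
$ClientThumbprint = '<THUMBPRINT-OF-CLIENT-CERT>'       # placeholder
$session = New-PSSession -ComputerName 'uat.example.local' `
                         -UseSSL `
                         -CertificateThumbprint $ClientThumbprint
Invoke-Command -Session $session -ScriptBlock { $env:COMPUTERNAME }
Remove-PSSession $session
```

The mapping restricts who can authenticate with a certificate; it does not by itself close the other authentication methods listed by the review step.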