Dave Blue

Reputation: 33

PowerShell restrict Remote access on Host

I have three Windows 2008 R2 servers: DEV, UAT and Live. I am deploying web apps between these servers, including IIS setup and config and database backup and restore, via a PowerShell script. I use a PowerShell remote session. I would like to prevent any machine, other than my deployment machine, from creating a PowerShell remote session on the host, even if the user is authenticated. Is this possible?

I have looked extensively through the PSRemoting documentation and can't find anything helpful.

Thanks in advance

Upvotes: 3

Views: 2825

Answers (3)

Dennis

Reputation: 1782

Now, this doesn't answer your question of limiting connections by machine.

But, you can configure what users are allowed to connect to a session by changing the permissions of the SessionConfiguration.

The default remote session configuration used is microsoft.powershell as shown in

Get-PsSessionConfiguration

The access permissions can be changed to your own liking.

Set-PSSessionConfiguration -Name microsoft.powershell -ShowSecurityDescriptorUI

I really like the suggestion about using certificates and only permitting WinRM/SSL, as that would solve an issue I'm having myself in that area.

Upvotes: 0
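
A scripted form of the permission change described in the answer above, as an added example that is not part of the original answer: it rewrites the microsoft.powershell security descriptor so that only one account or group may open a session. The account name CONTOSO\WebDeploy and the function name New-RestrictedSessionSddl are placeholders; as the answer says, this restricts by user, not by source machine.

```powershell
# Added example. CONTOSO\WebDeploy and New-RestrictedSessionSddl are hypothetical names.
function New-RestrictedSessionSddl {
    param(
        [Parameter(Mandatory = $true)][string]$CurrentSddl,    # endpoint's existing descriptor
        [Parameter(Mandatory = $true)][string]$AllowedAccount  # only account/group allowed to connect
    )

    # Resolve the account name to a SID; this throws if the account does not exist.
    $sid = (New-Object System.Security.Principal.NTAccount($AllowedAccount)).Translate(
        [System.Security.Principal.SecurityIdentifier])

    # Parse the SDDL so the owner, group and audit entries (SACL) are kept unchanged.
    $sd = New-Object System.Security.AccessControl.CommonSecurityDescriptor(
        $false, $false, $CurrentSddl)

    # Collect the SIDs first, then purge, so the ACL is not modified while enumerating it.
    $existingSids = @($sd.DiscretionaryAcl | ForEach-Object { $_.SecurityIdentifier })
    foreach ($existing in $existingSids) {
        $sd.DiscretionaryAcl.Purge($existing)   # removes e.g. BUILTIN\Administrators
    }

    # 0x10000000 is GENERIC_ALL, the "GA" right used in the default descriptor.
    $sd.DiscretionaryAcl.AddAccess('Allow', $sid, 0x10000000, 'None', 'None')

    $sd.GetSddlForm('All')
}

$endpoint = 'microsoft.powershell'
$current  = (Get-PSSessionConfiguration -Name $endpoint).SecurityDescriptorSddl
$new      = New-RestrictedSessionSddl -CurrentSddl $current -AllowedAccount 'CONTOSO\WebDeploy'

# Keep the old value so the change can be reverted.
Write-Output "Previous SDDL: $current"
Write-Output "New SDDL:      $new"

# -Force suppresses the prompts and restarts WinRM so the new descriptor takes effect.
Set-PSSessionConfiguration -Name $endpoint -SecurityDescriptorSddl $new -Force

# Confirm what the endpoint now enforces.
(Get-PSSessionConfiguration -Name $endpoint).SecurityDescriptorSddl
```

Run it from an elevated prompt on the host. Because BUILTIN\Administrators is removed from the endpoint's access list, keep console or RDP access available so the previous SDDL can be restored.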

mjolinor

Reputation: 68273

You can also use certificate-based authentication.

http://blogs.msdn.com/b/wmi/archive/2009/03/23/how-to-use-wsman-config-provider-for-certificate-authentication.aspx

If you only want your computer to be able to connect, install the certificate on your computer and don't give it to anyone else.

Upvotes: 1

jamason1983

Reputation: 441

Read the link below to better understand what needs to be done, but I think you need to set the trusted host on the remote servers.

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2008/02/23/remotely-managing-your-server-core-using-winrm-and-winrs.aspx

This is an excerpt from the blog.

On the Windows Server Core box

Run the following commands on the console of the Server Core box to lower security:

WinRM set winrm/config/service/auth @{Basic="true"}
WinRM set winrm/config/client @{TrustedHosts="<local>"} 
WinRM set winrm/config/client @{TrustedHosts="RemoteHost"}

Where RemoteHost is the host you want to be able to connect to the server.

Upvotes: 2
