WinRM: Security Question
-
@dashrender said in WinRM: Security Question:
@gjacobse said in WinRM: Security Question:
Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.
Do they not have any other remote management system in place of any kind?
Almost anything would be better than driving across town.We are using Manage Engine for remote -
-
@gjacobse said in WinRM: Security Question:
@dashrender said in WinRM: Security Question:
@gjacobse said in WinRM: Security Question:
Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.
Do they not have any other remote management system in place of any kind?
Almost anything would be better than driving across town.We are using Manage Engine for remote -
Does ME not have the ability to run commands on the machines? I know SC and MC both do.
-
@dashrender said in WinRM: Security Question:
The same ones for SSH, only those that affect remote powershell
Yeah, that's the point that I'm getting at. While, yes, making WinRM available and using remote PowerShell is a potential vector for attack, preventing management automation seems like a greater risk.
-
@dashrender said in WinRM: Security Question:
@gjacobse said in WinRM: Security Question:
@dashrender said in WinRM: Security Question:
@gjacobse said in WinRM: Security Question:
Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.
Do they not have any other remote management system in place of any kind?
Almost anything would be better than driving across town.We are using Manage Engine for remote -
Does ME not have the ability to run commands on the machines? I know SC and MC both do.
But don't SC and MC both require Agents? If you need to have an Agent installed then doesn't that make WinRM unnecessary?
-
@dashrender said in WinRM: Security Question:
@gjacobse said in WinRM: Security Question:
@dashrender said in WinRM: Security Question:
@gjacobse said in WinRM: Security Question:
Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.
Do they not have any other remote management system in place of any kind?
Almost anything would be better than driving across town.We are using Manage Engine for remote -
Does ME not have the ability to run commands on the machines? I know SC and MC both do.
I wonder the same.
-
While it is likely I could be missing it,.. As of yet, I don't see any way to run commands like SC / MC. I've been looking over DesktopCentral and nothing stands out.
-
@dafyre said in WinRM: Security Question:
@dashrender said in WinRM: Security Question:
@gjacobse said in WinRM: Security Question:
@dashrender said in WinRM: Security Question:
@gjacobse said in WinRM: Security Question:
Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.
Do they not have any other remote management system in place of any kind?
Almost anything would be better than driving across town.We are using Manage Engine for remote -
Does ME not have the ability to run commands on the machines? I know SC and MC both do.
But don't SC and MC both require Agents? If you need to have an Agent installed then doesn't that make WinRM unnecessary?
of course, no one said anything different.
-
@gjacobse said in WinRM: Security Question:
While it is likely I could be missing it,.. As of yet, I don't see any way to run commands like SC / MC. I've been looking over DesktopCentral and nothing stands out.
Well that sucks... so yeah.. you'll have to interrupt the user, remote GUI - and run the command.
but at least you're not driving across town. -
If they can't keep their systems patched, then sure. But if that's the case it doesn't matter anyways. If it's not an issue to keep their devices patched properly, then it can be on. Additionally, you could configure the firewalls for devices to only allow connections from a bastion host.
-
@gjacobse said in WinRM: Security Question:
While it is likely I could be missing it,.. As of yet, I don't see any way to run commands like SC / MC. I've been looking over DesktopCentral and nothing stands out.
https://www.manageengine.com/products/free-windows-tools/free-remote-command-prompt-tool.html
-
-
-
@gjacobse said in WinRM: Security Question:
@stacksofplates said in WinRM: Security Question:
Thanks -
Guess it will have to do... sigh.I wonder if you can run powershell scripts by typing powershell first?
Is there a way to copy files to the computers with ME?
-
@dashrender said in WinRM: Security Question:
@gjacobse said in WinRM: Security Question:
@stacksofplates said in WinRM: Security Question:
Thanks -
Guess it will have to do... sigh.I wonder if you can run powershell scripts by typing powershell first?
Is there a way to copy files to the computers with ME?
Seems like it is possible.