Mark Minasi's Reader Forum
Mark Minasi's Reader Forum
Home | Profile | Register | Active Topics | Active Polls | Members | Search | FAQ | Minasi Forum RSS Feed
 All Forums
 HALP! Questions on Windows and Windows Server
 PowerShell
 PSRemoting

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
Note: please do not cross-post.
Cross-postings will be deleted and ignored.
Thanks for helping to keep this forum junk-free!
 Check here to subscribe to this topic.
   

T O P I C    R E V I E W
Nobody Posted - 04/11/2012 : 11:29:17 PM
Are there any good reasons not enable PSRemoting? Specifically in a large enterprise. Servers and workstations?
5   L A T E S T    R E P L I E S    (Newest First)
JeffWouters Posted - 04/12/2012 : 3:29:07 PM
My execution policy on my laptop is set to bypass... but in customer environments it's always "signed" :-)
Nobody Posted - 04/12/2012 : 11:55:45 AM
I'm already hanging my head in shame. My execution policy is now remotesigned.
Nobody Posted - 04/12/2012 : 11:45:49 AM
I'm going to request that we enable it, but I want to be prepared to stand my ground. I couldn't really find any good reasons not to. JHicks nailed it, in that what isn't understood is feared. Around here they'd take away our toilet paper if they knew we were using it.

I am guilty of setting execution policy to unrestricted on my workstation, but I haven't had a need to change it on remote machines. I know this is an area I need to work on. Learning about_signing is right at the top of my powershell list.

Thanks for the feedback!
jhicks Posted - 04/12/2012 : 10:46:20 AM
I think in an enterprise environment PowerShell remoting is almost required. It is much more secure and network friendly. I think many network admins fear it because they don't fully understand it. The best approach is to use Group Policy to configure remoting, the listener and the necessary firewall ports. If you are never going to run a script in a remote session, you can leave the execution policy for remote machines as Restricted. You can run all the scripts you want from your desktop and securely manage remote machines.
JeffWouters Posted - 04/12/2012 : 12:49:52 AM
Hi Matt,
It's pretty secure (haven't encountered a security breach due to that) though I find that the documentation about this is a bit lacking in my opinion...
A few tips though:
1) Enable script execution for signed scripts and please don't set it to "Unrestricted" ;-)
2) By using "set-item wsman:localhost\client\trustedhosts -value mgmtserver01" you can set up that only mgmtserver01 is allowed to remote to this machine.
3) On older (XP) systems, set the following local policy to "Classic": Security Settings > Local Policies > Security Options > Network Access: Sharing and Security Model for local accounts

In my opinion the benefits for an admin/consultant of PowerShell Remoting are just plain amazing :-D

Mark Minasi's Reader Forum © 2002-2011 Mark Minasi Go To Top Of Page
This page was generated in 0.09 seconds. Snitz Forums 2000