PowerShell: limit remote access on a host
I have three Windows 2008 R2 servers; DEV, UAT and Live. I am deploying web apps between these servers, including IIS setup and config and database backup and restore via a PowerShell script. I use a PowerShell remote session.
I would like to prevent any machine, other than my deployment machine, from creating a powershell remote session on the host, even if the user is authenticated. Is this possible?
I have looked extensively through the PSRemoting documentation and can't find anything helpful.
Thanks in advance
Comments (3)
Read the below link to better understand what needs to be done but I think you need to set the trusted host on the remote servers.
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2008/02/23/remotely-managing-your-server-core-using-winrm-and-winrs.aspx
This is an excerpt from the blog.
On the Windows server Core box
Where RemoteHost is the host you want to be able to connect to the server.
You can also use certificate-based authentication.
http://blogs.msdn.com/b/wmi/archive/2009/03/23/how-to-use-wsman-config-provider-for-certificate-authentication.aspx
If you only want your computer to be able to connect, install the certificate on your computer and don't give it to anyone else.
Now, this doesn't answer your question of limiting connections by machine.
But, you can configure what users are allowed to connect to a session by changing the permissions of the SessionConfiguration.
The default remote session configuration used is microsoft.powershell as shown in
The access permissions can be changed to your own liking.
I really like the suggestion about using certificates and only permitting WinRM/SSL, as that would solve an issue I'm having myself in that area.
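
An added example (not part of the answers above) of changing the permissions on the microsoft.powershell session configuration so that only one group may open a remote session. It restricts accounts, not source machines, and the group name CONTOSO\Deployers and the helper Get-RestrictedSddl are hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session on each target server.
# Assumption: 'CONTOSO\Deployers' is a hypothetical group that contains only
# the deployment account.
$configName   = 'microsoft.powershell'
$allowedGroup = 'CONTOSO\Deployers'

# Hypothetical helper: returns a copy of $Sddl whose DACL allows only $Account.
function Get-RestrictedSddl {
    param([string]$Sddl, [string]$Account)

    if ([string]::IsNullOrEmpty($Sddl)) {
        throw "Session configuration has no security descriptor to edit."
    }

    # Resolve the account name to a SID; this throws if the name is unknown.
    $nt  = New-Object System.Security.Principal.NTAccount($Account)
    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])

    $sd = New-Object System.Security.AccessControl.CommonSecurityDescriptor($false, $false, $Sddl)

    # Snapshot the SIDs first: the DACL cannot be modified while it is enumerated.
    $existing = @($sd.DiscretionaryAcl | ForEach-Object { $_.SecurityIdentifier })
    foreach ($s in $existing) { $sd.PurgeAccessControl($s) }

    # Grant Generic All (0x10000000) to the one allowed group.
    # The owner, group and SACL (auditing) parts of the descriptor are kept.
    $genericAll = 0x10000000
    $allow = [System.Security.AccessControl.AccessControlType]::Allow
    $sd.DiscretionaryAcl.AddAccess($allow, $sid, $genericAll, 'None', 'None')

    return $sd.GetSddlForm('All')
}

$current = (Get-PSSessionConfiguration -Name $configName).SecurityDescriptorSddl
$new     = Get-RestrictedSddl -Sddl $current -Account $allowedGroup

# Keep the "before" value so the change can be rolled back.
"Before: $current"
"After:  $new"

# -Force suppresses the confirmation prompts and restarts WinRM.
Set-PSSessionConfiguration -Name $configName -SecurityDescriptorSddl $new -Force

# Verify: Permission should now list only the allowed group.
Get-PSSessionConfiguration -Name $configName | Format-List Name, Permission
```

This removes the existing entries from the DACL, including the one for local Administrators, so run it from a console or RDP session rather than over remoting and keep the printed "Before" value to restore the old descriptor.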