How to manage your PC from your mobile phone using PowerShell Remoting

Last updated: 15/10/2025

  • Remoting uses WinRM/WS-Man (HTTP/HTTPS) and allows 1-to-1, 1-to-many and persistent sessions with security controls.
  • Enable-PSRemoting configures the service, the listeners and the firewall; HTTPS requires a valid certificate and a CN/SAN match.
  • Results come back deserialized; methods are invoked inside the remote scriptblock, and custom endpoints are used for fine-grained delegation.
PowerShell Remoting

You can use PowerShell to perform many tasks locally, but where PowerShell Remoting really makes a difference is when you run commands on a remote machine, or on a handful or hundreds of them, interactively or all at once. This technology, available since Windows PowerShell 2.0 and improved since 3.0, relies on WS-Management (WinRM) and turns PowerShell into a robust remote management channel that can be locked down for security.

First, two key ideas: cmdlets with a -ComputerName parameter (for example Get-Process or Get-Service) are not Microsoft's long-term supported path, and PowerShell Remoting is not an "unauthenticated login". In fact, it enforces authentication, leaves an audit trail and respects the permissions you already have, without storing credentials or granting anything beyond them.

What is PowerShell Remoting and why use it?

With PowerShell Remoting you can run remotely almost any command you could start in a local session, from service queries to deploying configuration, and do it on hundreds of computers at once. Unlike cmdlets that accept -ComputerName (many of which use DCOM/RPC), Remoting travels over WS-Man (HTTP/HTTPS), which is more firewall-friendly, and allows interactive and batch work that executes on the remote host, not on the client.

This translates into three practical advantages: better performance at scale, fewer conflicts with networks that have restrictive rules, and a security model that fits Kerberos/HTTPS. Also, instead of relying on each cmdlet implementing its own remoting, Remoting works for any script or function available on the target.

By default, recent Windows Server releases ship with Remoting enabled; on Windows 10/11 you enable it with a single cmdlet. And yes, you can use alternate credentials, persistent sessions, custom endpoints and more.

Note: Remoting does not mean opening everything up. By default, only administrators can connect, and they act under their own identity. If you want fine-grained delegation, custom endpoints let you expose only the commands that are needed.

PowerShell Remoting Architecture

How it works inside: WinRM, WS-Man and ports

PowerShell Remoting works in a client-server model. The client sends a WS-Management request over HTTP (5985/TCP) or HTTPS (5986/TCP). On the target, the Windows Remote Management (WinRM) service listens, resolves the endpoint (session configuration) and hosts the PowerShell session in the background (the wsmprovhost.exe process), returning serialized results to the client as XML over SOAP.

The first time you enable Remoting, the listeners are configured, the appropriate firewall exceptions are opened and session configurations are created. Since PowerShell 6+, several editions coexist, and Enable-PSRemoting registers endpoints with names that reflect the version (for example PowerShell.7 and PowerShell.7.x.y).


If you only allow HTTPS in your environment, you can create a listener with a certificate issued by a trusted CA (recommended). The alternative is to use TrustedHosts in a limited, riskier way, for workgroup scenarios or non-domain computers.

Note that PowerShell Remoting can coexist with cmdlets that have -ComputerName, but Microsoft recommends WS-Man as the standard, future-proof path for remoting.

Enabling PowerShell Remoting and useful parameters

On Windows, open PowerShell as administrator and run Enable-PSRemoting. The process starts WinRM, configures it to start automatically, enables the listener and creates the appropriate firewall rules. On clients with a public network profile you can deliberately skip that check with -SkipNetworkProfileCheck (and then tighten things with specific rules):

Enable-PSRemoting
Enable-PSRemoting -Force
Enable-PSRemoting -SkipNetworkProfileCheck -Force

The syntax supports -Confirm and -WhatIf for change control. Remember: it only works on Windows, and you must run it elevated. The rules it creates differ between server and client editions, especially on public networks, where by default they are limited to the local subnet unless you widen the scope (for example with Set-NetFirewallRule).

To list the registered session configurations and confirm that everything is ready, use Get-PSSessionConfiguration. If the PowerShell.x and Workflow endpoints appear, Remoting is working.
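A readiness check that pulls together the pieces Enable-PSRemoting touches (service, listeners, endpoints, firewall scope), written for this article as an added example rather than taken from it; the function name is mine and it is meant to run elevated on the target host:

```powershell
# Added example (not from the original article): audit whether Remoting is
# actually ready on this host after Enable-PSRemoting. Run elevated.
function Test-RemotingReadiness {
    [CmdletBinding()]
    param()

    $svc = Get-Service -Name WinRM
    $report = [ordered]@{
        ServiceRunning   = ($svc.Status -eq 'Running')
        ServiceAutostart = ($svc.StartType -eq 'Automatic')
    }

    # Listeners: which transports/addresses WinRM accepts. Expect HTTP on 5985;
    # an HTTPS entry on 5986 only exists if you created it yourself.
    $report.Listeners = foreach ($l in Get-ChildItem -Path WSMan:\localhost\Listener) {
        $props = Get-ChildItem -Path $l.PSPath
        [pscustomobject]@{
            Transport  = ($props | Where-Object Name -eq 'Transport').Value
            Address    = ($props | Where-Object Name -eq 'Address').Value
            Port       = ($props | Where-Object Name -eq 'Port').Value
            Thumbprint = ($props | Where-Object Name -eq 'CertificateThumbprint').Value
        }
    }

    # Session configurations: the endpoints and who may use them (the SDDL
    # behind the Permission column is what actually gates access).
    $report.Endpoints = Get-PSSessionConfiguration |
        Select-Object Name, PSVersion, Permission

    # Firewall rules created by Enable-PSRemoting, with profile and remote scope,
    # so a public-profile rule widened to 'Any' stands out immediately.
    $report.Firewall = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Name          = $_.Name
                Enabled       = $_.Enabled
                Profile       = $_.Profile
                RemoteAddress = $addr.RemoteAddress
            }
        }

    # Loopback round trip: proves WinRM answers on this box.
    $report.LoopbackOk = [bool](Test-WSMan -ErrorAction SilentlyContinue)
    [pscustomobject]$report
}

Test-RemotingReadiness
```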

Remote sessions in PowerShell

Usage modes: 1 to 1, 1 to many, and persistent sessions

When you need an interactive console on a single computer, switch to Enter-PSSession. The prompt changes, and everything you type runs on the remote host. You can use Get-Credential to supply alternate credentials and avoid retyping them every time:

$cred = Get-Credential
Enter-PSSession -ComputerName dc01 -Credential $cred
Exit-PSSession

If what you need is to send commands to several computers at once, the tool is Invoke-Command with a script block. By default it runs up to 32 concurrent connections (adjustable with -ThrottleLimit). Results are returned as deserialized objects (without "live" methods):

Invoke-Command -ComputerName dc01,sql02,web01 -ScriptBlock { Get-Service -Name W32Time } -Credential $cred

Need to invoke methods such as .Stop() or .Start()? Do it inside the scriptblock, on the remote side, not on the local deserialized object. If a cmdlet exists (Stop-Service/Start-Service), it is better to use it for clarity.

To avoid the cost of establishing and tearing down a session on every call, create a persistent PSSession and use it across multiple requests. Use New-PSSession to create the connection, then Invoke-Command -Session to reuse that channel. Don't forget to close it with Remove-PSSession when you are done.

Serialization, limits and good practice

One important detail: when you remote, objects are "flattened" and arrive as deserialized snapshots, with properties but no methods. This is deliberate, to save bandwidth, but it means you cannot use members that carry logic (such as .Kill()) on the local copy. The clean solution: call those methods remotely, and if you only need a few fields, use Select-Object so that less data is sent.


In scripts, avoid Enter-PSSession (intended for interactive use) and use Invoke-Command with a script block. If you expect several calls or need to keep state (variables, imported modules), use persistent sessions and, where appropriate, disconnect/reconnect them with Disconnect-PSSession/Connect-PSSession in PowerShell 3.0+.
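The persistent-session pattern from the previous sections and the deserialization pitfall just described, shown together as an added example (mine, not the article's); it assumes a reachable host named app01 you can authenticate to with Kerberos, a constructed name:

```powershell
# Added example (not from the original article): one persistent session reused
# across calls, state kept between them, and the deserialized-object pitfall.
# Assumes a host named app01 you can reach with Kerberos (constructed name).
$target  = 'app01'
$session = New-PSSession -ComputerName $target -ErrorAction Stop
try {
    # Call 1: import a module and set a variable on the remote side.
    Invoke-Command -Session $session -ScriptBlock {
        Import-Module -Name NetTCPIP
        $listenPorts = Get-NetTCPConnection -State Listen |
            Select-Object -ExpandProperty LocalPort -Unique
    }

    # Call 2: the variable still exists because the session persisted.
    $ports = Invoke-Command -Session $session -ScriptBlock { $listenPorts }
    "{0} listening ports on {1}" -f $ports.Count, $target

    # Deserialized snapshot: properties travel, methods do not.
    $proc = Invoke-Command -Session $session -ScriptBlock { Get-Process -Id $PID }
    $proc.PSObject.TypeNames[0]                        # Deserialized.System.Diagnostics.Process
    $hasKill = $proc.PSObject.Methods.Name -contains 'Kill'
    "Local copy exposes Kill(): $hasKill"              # False

    # Right way: run the action on the remote side, preferably with the cmdlet.
    Invoke-Command -Session $session -ScriptBlock {
        Get-Service -Name W32Time | Where-Object Status -ne 'Running' |
            Start-Service -PassThru | Select-Object Name, Status
    }

    # Ship only the fields you need to keep the serialized payload small.
    Invoke-Command -Session $session -ScriptBlock {
        Get-Process | Sort-Object WorkingSet64 -Descending |
            Select-Object -First 5 Name, Id, WorkingSet64
    } | Format-Table -AutoSize
}
finally {
    # Always release the remote runspace, even if a call above failed.
    Remove-PSSession -Session $session
}
```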

Authentication, HTTPS and domain scenarios

In a domain, the native authentication is Kerberos and everything flows smoothly. When the device cannot resolve the server name, or you connect by IP or by a CNAME alias, you need one of two options: 1) an HTTPS listener with a certificate from a CA you trust, or 2) add the target (name or IP) to TrustedHosts and supply credentials. The second option removes mutual authentication for that host, so reduce its scope to the minimum necessary.

Setting up an HTTPS listener requires a certificate (from your PKI or a public CA), installed in the machine store and bound to WinRM. Port 5986/TCP is opened on the firewall and, from the client, -UseSSL is used in the remoting cmdlets. For client certificate authentication, you can map a certificate to a local account and connect with -CertificateThumbprint (Enter-PSSession does not accept this directly; create the session first with New-PSSession).
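The HTTPS listener set-up described above, as an added example written for this article (not the article's own code); it assumes the server's FQDN is srv01.corp.example, that a CA-issued certificate for that name is already in the LocalMachine\My store, and a management subnet of 10.10.50.0/24, all constructed values:

```powershell
# Added example (not from the original article): bind an existing CA-issued
# certificate to an HTTPS listener on the server, then connect from the client
# with full certificate validation. Constructed names: srv01.corp.example,
# management subnet 10.10.50.0/24.
# --- Server side (run elevated) ---
$fqdn = 'srv01.corp.example'

# Pick a cert whose SAN contains the exact name clients will type in
# -ComputerName: this is the CN/SAN match the article insists on.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        $_.DnsNameList.Unicode -contains $fqdn -and
        $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1'   # Server Authentication
    } | Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No usable server-authentication certificate for $fqdn" }

# Create the HTTPS listener on 5986 bound to that thumbprint.
New-WSManInstance -ResourceURI winrm/config/Listener `
    -SelectorSet @{ Address = '*'; Transport = 'HTTPS' } `
    -ValueSet    @{ Hostname = $fqdn; CertificateThumbprint = $cert.Thumbprint }

# Firewall: only 5986, and only from the management subnet.
New-NetFirewallRule -DisplayName 'WinRM HTTPS (mgmt only)' -Direction Inbound `
    -Protocol TCP -LocalPort 5986 -RemoteAddress '10.10.50.0/24' -Action Allow

# Once HTTPS is verified, you can drop the plain-HTTP listener entirely:
# Remove-WSManInstance -ResourceURI winrm/config/Listener -SelectorSet @{ Address = '*'; Transport = 'HTTP' }

# --- Client side ---
# No -SkipCACheck / -SkipCNCheck in the session options: the CA chain and the
# certificate name are verified against $fqdn, so a mismatch fails loudly.
$opt = New-PSSessionOption -OpenTimeout 15000
$s = New-PSSession -ComputerName $fqdn -UseSSL -Port 5986 -SessionOption $opt
Invoke-Command -Session $s -ScriptBlock { $env:COMPUTERNAME; $PSVersionTable.PSVersion }
Remove-PSSession $s
```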

The second hop and credential delegation

The "famous second hop" appears when, after connecting to a server, you need that server to access a third resource on your behalf (for example an SMB share). There are two ways to allow this: CredSSP and resource-based constrained Kerberos delegation.

With CredSSP you explicitly configure the client and the server to delegate credentials, and you set policy (GPO) to allow delegation to specific computers. It is quick to set up but less secure, because the credentials travel in clear text inside the encrypted tunnel. Restrict both the source and the destination.

The best option in a domain is constrained Kerberos delegation (resource-based constrained delegation) on modern AD. It lets the endpoint trust delegation from the intermediate server for certain services only, avoiding exposure of your credentials on the first hop. It requires recent domain controllers and up-to-date RSAT.
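Resource-based constrained delegation for the second hop, as an added example (mine, not from the article) using the ActiveDirectory RSAT module; the computer names MID01 (first hop) and FS01 (the share server) and the share name Deploy$ are constructed:

```powershell
# Added example (not from the original article): resource-based constrained
# delegation for the second hop, using the ActiveDirectory RSAT module.
# Constructed names: you connect to MID01, which must read a share on FS01.
Import-Module ActiveDirectory

$middle   = Get-ADComputer -Identity 'MID01'   # first hop, where your session lands
$resource = Get-ADComputer -Identity 'FS01'    # third machine the middle must reach

# Delegation is declared on the *resource*: FS01 states which principals may
# impersonate users to it. Nothing changes on the client and no credentials are
# forwarded, which is the advantage over CredSSP.
Set-ADComputer -Identity $resource -PrincipalsAllowedToDelegateToAccount $middle

# Verify what FS01 now trusts (should list only MID01).
Get-ADComputer -Identity $resource -Properties PrincipalsAllowedToDelegateToAccount |
    Select-Object -ExpandProperty PrincipalsAllowedToDelegateToAccount

# The middle server caches its Kerberos tickets; purge the SYSTEM logon session
# (0x3e7) so it picks up the new delegation setting without a reboot.
Invoke-Command -ComputerName $middle.DNSHostName -ScriptBlock { klist purge -li 0x3e7 }

# Second-hop test: list the share through MID01 under your own identity.
Invoke-Command -ComputerName $middle.DNSHostName -ScriptBlock {
    param($share)
    whoami                                             # still you, not a service account
    Get-ChildItem -Path $share -ErrorAction Stop | Select-Object -First 3 Name
} -ArgumentList "\\$($resource.DNSHostName)\Deploy$"

# To revoke the delegation when the task is over:
# Set-ADComputer -Identity $resource -PrincipalsAllowedToDelegateToAccount $null
```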

Custom endpoints (session configurations)

One of the most valuable features of Remoting is being able to register session configurations with tailored capabilities and limits. First you generate a file with New-PSSessionConfigurationFile (modules to import, visible functions, aliases, ExecutionPolicy, LanguageMode, etc.), then you register it with Register-PSSessionConfiguration, where you can set RunAsCredential and permissions (SDDL, or a GUI with -ShowSecurityDescriptorUI).

For secure delegation, expose only what is necessary with -VisibleCmdlets/-VisibleFunctions and, where appropriate, disable free-form scripting with LanguageMode RestrictedLanguage or NoLanguage. If you leave FullLanguage, someone could use a script block to reach beyond the exposed commands, which combined with RunAs would be a hole. Design these endpoints carefully and document their scope.
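A constrained endpoint built the way the two paragraphs above describe, added here as an example (not the article's own code): a service-desk group may restart exactly two services, under a virtual account, with NoLanguage so no ad-hoc script blocks get through. The group CORP\ServiceDesk, the host srv01 and the transcript path are constructed:

```powershell
# Added example (not from the original article): a constrained endpoint that
# lets CORP\ServiceDesk restart only two services, running as a virtual
# account, with NoLanguage so ad-hoc script blocks cannot reach anything else.
# Constructed names: CORP\ServiceDesk, srv01, C:\Transcripts\ServiceDesk.
$cfgPath = Join-Path $env:ProgramData 'ServiceDeskEndpoint.pssc'

New-PSSessionConfigurationFile -Path $cfgPath `
    -SessionType RestrictedRemoteServer `
    -LanguageMode NoLanguage `
    -ExecutionPolicy Restricted `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\Transcripts\ServiceDesk' `
    -VisibleCmdlets @(
        'Get-Service',
        @{ Name = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'W32Time', 'Spooler' } }
    )

# Confirm the file parses before registering it.
if (-not (Test-PSSessionConfigurationFile -Path $cfgPath)) { throw 'Invalid .pssc' }

# SDDL: local administrators get full control, ServiceDesk gets read + execute
# (the "Invoke" permission); no other principal can even open the endpoint.
$sid = ([System.Security.Principal.NTAccount]'CORP\ServiceDesk').
    Translate([System.Security.Principal.SecurityIdentifier]).Value
Register-PSSessionConfiguration -Name 'ServiceDesk' -Path $cfgPath -Force `
    -SecurityDescriptorSddl "O:NSG:BAD:P(A;;GA;;;BA)(A;;GXGR;;;$sid)"

# --- Client-side check from a ServiceDesk member ---
$s = New-PSSession -ComputerName 'srv01' -ConfigurationName 'ServiceDesk'
# Only the exposed commands (plus a few session-management proxies) are visible.
Invoke-Command -Session $s -ScriptBlock { Get-Command } | Select-Object Name
# Allowed: a value inside the ValidateSet.
Invoke-Command -Session $s -ScriptBlock { Restart-Service -Name W32Time }
# Rejected by ValidateSet: any other service name.
Invoke-Command -Session $s -ScriptBlock { Restart-Service -Name WinRM } -ErrorAction Continue
Remove-PSSession $s
```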

Domains, GPOs and workgroups

In AD you can deploy PowerShell Remoting at scale with GPO: allow automatic configuration of WinRM listeners, set the service to start automatically and create the firewall exceptions. Remember that GPO changes the settings but does not always start the service immediately; sometimes you need a restart or a forced gpupdate.


In a workgroup (non-domain), configure Remoting with Enable-PSRemoting, set TrustedHosts on the client (winrm set winrm/config/client @{TrustedHosts="host1,host2"}) and use local credentials. For HTTPS you can deploy a self-signed certificate, although it is recommended to use a trusted CA and to check that the name you will use in -ComputerName matches the certificate (CN/SAN match).

Key cmdlets and syntax

A handful of commands covers 90% of day-to-day scenarios. To enable/disable:

Enable-PSRemoting
Disable-PSRemoting

Interactive 1-to-1 session and exit:

Enter-PSSession -ComputerName SEC504STUDENT
Exit-PSSession

1 to many, in parallel and with credentials:

Invoke-Command -ComputerName dc01,sql02,web01 -ScriptBlock { Get-Service W32Time } -Credential $cred

Persistent session and reuse:

$s = New-PSSession -ComputerName localhost -ConfigurationName PowerShell.7
Invoke-Command -Session $s -ScriptBlock { $PSVersionTable }
Remove-PSSession $s

Tests and useful WinRM commands:

Test-WSMan -ComputerName host
winrm get winrm/config
winrm enumerate winrm/config/listener
winrm quickconfig -transport:https

Useful notes on firewall, network and ports

Open 5985/TCP for HTTP and 5986/TCP for HTTPS on the target computer and on any intermediate firewall. On Windows clients, Enable-PSRemoting creates rules for the domain and private profiles; for the public profile it is limited to the local subnet unless you change its scope with Set-NetFirewallRule -RemoteAddress Any (a value you should weigh against your own risk).

If you use SOAR/SIEM integrations that run remote commands (for example from XSOAR), make sure the server has DNS resolution for the hosts, connectivity on 5985/5986 and credentials with sufficient local privileges. In some scenarios NTLM/Basic authentication may need adjusting (for example a local user with Basic over SSL).

Enable-PSRemoting parameters (function summary)

-Confirm asks for confirmation before acting; -Force skips the warnings and makes the necessary changes; -SkipNetworkProfileCheck helps enable Remoting on public client networks (be aware of the default restriction to the local subnet); -WhatIf shows you what would happen without applying changes. In addition, like any standard cmdlet, it supports the common parameters (-Verbose, -ErrorAction, etc.).

Remember that "Enable" does not create HTTPS listeners or certificates for you; if you need end-to-end encryption from the start and certificate-based validation, configure an HTTPS listener and validate the CN/SAN against the name you will use in -ComputerName.

Useful WinRM and PowerShell remoting commands

Some cheat-sheet items for everyday use:

winrm get winrm/config
winrm enumerate winrm/config/listener
Set-NetFirewallRule -Name 'WINRM-HTTP-In-TCP' -RemoteAddress Any
Test-WSMan -ComputerName host -Authentication Default -Credential (Get-Credential)
New-PSSession -ComputerName host
Enter-PSSession -ComputerName host
Enable-PSRemoting -SkipNetworkProfileCheck -Force

When you manage Windows at scale, Remoting lets you move from "computer by computer" to declarative and secure operation. By combining persistent sessions, strong authentication (Kerberos/HTTPS), custom endpoints, and clear firewall rules and auditing, you gain speed and control without sacrificing security or traceability. If you also plan the GPO deployment and the special cases (TrustedHosts, second hop, certificates), you will have a robust remote platform for daily operations and incident response.
