0
(0)

For larger domain environments, we recommend that you configure the WinRM service via Group Policy.

Note: Using HTTP for WinRM is not recommended outside a domain environment where the NTLM protocol does not provide a sufficient level of protection for credentials. This also means that using HTTP is particularly inadequate when using scan nodes that are deployed on Linux computers.

    1. Create a new Group Policy object:
      1. Select Start > Administrative Tools > Group Policy Management.
      2. Right-click Domains and select Create a GPO in this domain, and link it here.
      3. Enter Elements Vulnerability Management as the required name and click OK.
      4. Right-click the GPO that you just created (Elements Vulnerability Management) and select Edit.
    2. Allow remote server management through WinRM:
      1. Select Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service.
      2. Right-click Allow remote server management through WinRM, select Enabled, and enter suitable IPv4 and IPv6 filters.
    3. Switch on the WinRM service:
      1. Select Computer Configuration > Preferences > Control Panel Settings.
      2. Right-click Services and select New > Service.
      3. Select Automatic as the Startup type and WinRM as the ServiceName.
    4. Add a firewall rule to allow traffic:
      1. Select Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security.
      2. Right-click Inbound Rules and select New Rule.
      3. Select Windows Remote Management as the Predefined rule type and click Next.
      4. Select the appropriate rule for your network profile and click Next.
      5. Select Allow the connection and click Finish.
    5. On the scan node, run the following command to add the target host to the TrustedHosts list:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value ‘{IpAddress}’

Note: Use the IP address of the target computer. Use the wildcard character (*) instead of an IP address to add all computers.

Source : Official F-Secure Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 9 times, 1 visits today)