Download presentation
Presentation is loading. Please wait.
1
Windows Server 2008 遠端管理 - Windows Remote Management
<SLIDETITLE INCLUDE=7>Windows Server 2008 應用程式相容性</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> Hello and Welcome to this Microsoft TechNet session on {insert session title}. My name is {insert name} </SLIDESCRIPT> <SLIDETRANSITION> <TRANSITION LENGTH=7>Let us start this session by going into more detail on exactly what we will be covering.</TRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION> 曹祖聖 台灣微軟資深講師 MCP, MCP+I, MCSA, MCSE,MCDBA, MCAD, MCSD, MCT, MVP
2
大綱 Windows Remote Management (WinRM) 介紹 設定與檢視伺服器端 WinRM 組態
4/20/2019 8:35 AM 大綱 Windows Remote Management (WinRM) 介紹 設定與檢視伺服器端 WinRM 組態 如何透過 WinRM 進行遠端系統管理 WinRM 安全性考量 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Server 2008 and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
3
大綱 Windows Remote Management (WinRM) 介紹 設定與檢視伺服器端 WinRM 組態
4/20/2019 8:35 AM 大綱 Windows Remote Management (WinRM) 介紹 設定與檢視伺服器端 WinRM 組態 如何透過 WinRM 進行遠端系統管理 WinRM 安全性考量 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Server 2008 and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
4
使用 Windows Remote Shell 管理
Windows Remote Management (WinRM) WS-Management Windows Remote Shell (WinRS) 支援 Windows Vista / Windows Server 2008 只能執行命令列工具或腳本 不支援互動模式 例如: "請按任意鍵繼續 …"
5
大綱 Windows Remote Management (WinRM) 介紹 設定與檢視伺服器端 WinRM 組態
4/20/2019 8:35 AM 大綱 Windows Remote Management (WinRM) 介紹 設定與檢視伺服器端 WinRM 組態 如何透過 WinRM 進行遠端系統管理 WinRM 安全性考量 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Server 2008 and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
6
組態設定 你的第一步 winrm help config winrm get winrm/config
winrm get winrm/config/client winrm get winrm/config/service
7
快速設定 WinRM 使用命令列 使用 unattend 檔 也可以使用群組原則來設定 WinRM quickconfig
在 <settings pass=“specialize”> 區段中加入: <component name=“Microsoft-Windows-Web-Services-for-Management-Core” publicKeyToken=“31bf3856ad364e35” language=“neutral” versionScope=“nonSxS” processorArchitecture=“x86”> <ConfigureWindowsRemoteManagement> true </ConfigureWindowsRemoteManagement> </component> 也可以使用群組原則來設定
8
自訂 WinRM 組態 列出目前的 listener 建立 listener
winrm enumerate winrm/config/listener 建立 listener winrm create winrm/config/listener?Address=*+Transport=HTTP
9
測試連線 winrm id -r:sc winrm id -r:sc -a:negotiate -u:MCG\Administrator
10
demo 設定 WinRM 與檢視 WinRM 狀態
11
大綱 Windows Remote Management (WinRM) 介紹 設定與檢視伺服器端 WinRM 組態
4/20/2019 8:35 AM 大綱 Windows Remote Management (WinRM) 介紹 設定與檢視伺服器端 WinRM 組態 如何透過 WinRM 進行遠端系統管理 WinRM 安全性考量 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Server 2008 and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
12
使用 WinRS WinRS -r:<遠端主機> 命令 遠端主機可以是: 例如 -r:https://myserver.com
-r:myserver -r: -r: 例如 winrs -r:myserver dir c:\windows\system32\*.dll
13
WinRS 範例 啓用 Terminal Services 遠端管理 允許舊的 TS 用戶端 (Vista 之前) 加入網域
winrs -r:myserver cscript \windows\system32\scregedit.wsf /ar 0 允許舊的 TS 用戶端 (Vista 之前) winrs -r:myserver cscript \windows\system32\scregedit.wsf /cs 0 加入網域 winrs -r:myserver netdom add myserver /domain:testdomain /userd:administrator /passwordd:<password> 將網域管理員加入本機管理者群組 winrs -r:myserver net localgroup administrators testdomain\administrator /add
14
使用 WinRM 取得資訊 winrm identify -remote:sc
winrm get wmicimv2/Win32_Service?Name=WinRM -remote:SC
15
使用 WinRM 執行方法 winrm invoke StopService wmicimv2/Win32_Service?Name=W32Time -remote:SC
16
使用 WinRM 設定屬性 winrm get winrm/config -remote:SC
winrm put -remote:SC
17
demo 使用 WinRS / WinRM 進行系統管理
18
大綱 Windows Remote Management (WinRM) 介紹 設定與檢視伺服器端 WinRM 組態
4/20/2019 8:35 AM 大綱 Windows Remote Management (WinRM) 介紹 設定與檢視伺服器端 WinRM 組態 如何透過 WinRM 進行遠端系統管理 WinRM 安全性考量 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Server 2008 and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
19
使用 SSL 申請 "網頁伺服器" 憑證 建立 HTTPS listener
winrm create winrm/config/listener CertificateThumbprint="?????"}
20
使用者驗證方式 啓用身份驗證 工作群組主機信任
winrm set 工作群組主機信任 winrm set
21
demo WinRM 安全性
22
在何處取得 TechNet 相關資訊? 訂閱 TechNet 資訊技術人快訊 訂閱 TechNet Plus 參加 TechNet 的活動 下載 TechNet 研討會簡報與錄影檔
23
<SLIDETITLE INCLUDE=0>Tag line</SLIDETITLE>
<KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT></SLIDESCRIPT> <SLIDETRANSITION> </SLIDETRANSITION> <COMMENT></COMMENT> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>
Similar presentations