    WinRM: Security Question

    • gjacobse

      What is the general practice on using WinRM? While every network policy can be different - the States system allowed WinRM, which gave me more tools and abilities - mainly being able to perform tasks without having to walk across a building or driving into the office to begin with.

      Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.

      • EddieJennings

        Using Powershell remoting, which uses WinRM, would be a requirement for managing windows endpoints, in my opinion.

        • EddieJennings @gjacobse

          @gjacobse said in WinRM: Security Question:

          Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.

          What's the specific risk?

          • DustinB3403 @EddieJennings

            @eddiejennings said in WinRM: Security Question:

            Using Powershell remoting, which uses WinRM, would be a requirement for managing windows endpoints, in my opinion.

            I agree, but at the same time as @gjacobse pointed out, having it disabled helps limit the potential vectors that can be used to attack with.

            But pretty much any and every support tool out there that "uses magic" is using powershell when it comes to managing windows.

            • gjacobse @EddieJennings

              @eddiejennings said in WinRM: Security Question:

              @gjacobse said in WinRM: Security Question:

              Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.

              What's the specific risk?

              Well - that is my question and I don't know that I will get any more of an answer other than:

              "Remote Powershell execution"

              I feel as if I had a tool in the box and it's been welded so it can't be used.

              • DustinB3403 @gjacobse

                @gjacobse said in WinRM: Security Question:

                @eddiejennings said in WinRM: Security Question:

                @gjacobse said in WinRM: Security Question:

                Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.

                What's the specific risk?

                Well - that is my question and I don't know that I will get any more of an answer other than:

                "Remote Powershell execution"

                I feel as if I had a tool in the box and it's been welded so it can't be used.

                WinRM in and of itself could of course be used for malicious intent. But so can Manage Engine or any other remote management tool. Someone picked WinRM and said "No" because they don't know how it works or how to secure the environment from abuse.

                • Dashrender @EddieJennings

                  @eddiejennings said in WinRM: Security Question:

                  @gjacobse said in WinRM: Security Question:

                  Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.

                  What's the specific risk?

                  The same ones for SSH, only those that affect remote powershell 😉

                  If remote powershell is anything as bad as RDP security has been seen to be, man, it's a mess.. but frankly I don't really know.

                  • Dashrender @gjacobse

                    @gjacobse said in WinRM: Security Question:

                    Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.

                    Do they not have any other remote management system in place of any kind?
                    Almost anything would be better than driving across town.

                    • gjacobse @Dashrender

                      @dashrender said in WinRM: Security Question:

                      @gjacobse said in WinRM: Security Question:

                      Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.

                      Do they not have any other remote management system in place of any kind?
                      Almost anything would be better than driving across town.

                      We are using Manage Engine for remote -

                      • Dashrender @gjacobse

                        @gjacobse said in WinRM: Security Question:

                        @dashrender said in WinRM: Security Question:

                        @gjacobse said in WinRM: Security Question:

                        Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.

                        Do they not have any other remote management system in place of any kind?
                        Almost anything would be better than driving across town.

                        We are using Manage Engine for remote -

                        Does ME not have the ability to run commands on the machines? I know SC and MC both do.

                        • EddieJennings @Dashrender

                          @dashrender said in WinRM: Security Question:

                          The same ones for SSH, only those that affect remote powershell 😉

                          Yeah, that's the point that I'm getting at. While, yes, making WinRM available and using remote PowerShell is a potential vector for attack, preventing management automation seems like a greater risk.

                          • dafyre @Dashrender

                            @dashrender said in WinRM: Security Question:

                            @gjacobse said in WinRM: Security Question:

                            @dashrender said in WinRM: Security Question:

                            @gjacobse said in WinRM: Security Question:

                            Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.

                            Do they not have any other remote management system in place of any kind?
                            Almost anything would be better than driving across town.

                            We are using Manage Engine for remote -

                            Does ME not have the ability to run commands on the machines? I know SC and MC both do.

                            But don't SC and MC both require Agents? If you need to have an Agent installed then doesn't that make WinRM unnecessary?

                            • EddieJennings @Dashrender

                              @dashrender said in WinRM: Security Question:

                              @gjacobse said in WinRM: Security Question:

                              @dashrender said in WinRM: Security Question:

                              @gjacobse said in WinRM: Security Question:

                              Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.

                              Do they not have any other remote management system in place of any kind?
                              Almost anything would be better than driving across town.

                              We are using Manage Engine for remote -

                              Does ME not have the ability to run commands on the machines? I know SC and MC both do.

                              I wonder the same.

                              • gjacobse

                                While it is likely I could be missing it... As of yet, I don't see any way to run commands like SC / MC. I've been looking over DesktopCentral and nothing stands out.

                                • Dashrender @dafyre

                                  @dafyre said in WinRM: Security Question:

                                  @dashrender said in WinRM: Security Question:

                                  @gjacobse said in WinRM: Security Question:

                                  @dashrender said in WinRM: Security Question:

                                  @gjacobse said in WinRM: Security Question:

                                  Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.

                                  Do they not have any other remote management system in place of any kind?
                                  Almost anything would be better than driving across town.

                                  We are using Manage Engine for remote -

                                  Does ME not have the ability to run commands on the machines? I know SC and MC both do.

                                  But don't SC and MC both require Agents? If you need to have an Agent installed then doesn't that make WinRM unnecessary?

                                  Of course, no one said anything different.

                                  • Dashrender @gjacobse

                                    @gjacobse said in WinRM: Security Question:

                                    While it is likely I could be missing it... As of yet, I don't see any way to run commands like SC / MC. I've been looking over DesktopCentral and nothing stands out.

                                    Well, that sucks... so yeah... you'll have to interrupt the user, remote GUI - and run the command.
                                    But at least you're not driving across town.

                                    • Obsolesce

                                      If they can't keep their systems patched, then sure. But if that's the case it doesn't matter anyways. If it's not an issue to keep their devices patched properly, then it can be on. Additionally, you could configure the firewalls for devices to only allow connections from a bastion host.

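The firewall scoping suggested in the post above, as an added example that is not part of the original thread: it reports the local inbound rules that allow WinRM and, with -Apply, limits their remote address to a bastion host. The address 192.0.2.10 and the parameter names are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): scope inbound WinRM rules to a bastion host.
param(
    # Assumption: placeholder bastion address from the documentation range.
    [string[]]$BastionAddress = @('192.0.2.10'),
    # Report only unless -Apply is given.
    [switch]$Apply
)

$winrmPorts = '5985', '5986'   # WinRM over HTTP / HTTPS

# Enabled inbound allow rules in the local store whose TCP port list names a WinRM port.
# Rules delivered by Group Policy are not returned here and must be scoped in the GPO.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and
            @($pf.LocalPort | Where-Object { $_ -in $winrmPorts }).Count -gt 0
    }

foreach ($rule in $rules) {
    if ($Apply) {
        # Replace the rule's remote scope with the bastion address(es) only.
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $BastionAddress
    }
    # Re-read the address filter so the report reflects the current state.
    $remote = (Get-NetFirewallRule -Name $rule.Name |
        Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Rule          = $rule.Name
        Profile       = $rule.Profile
        RemoteAddress = $remote -join ','
        StillOpen     = $remote -contains 'Any'   # True = reachable from any address
    }
}
```

Rules that allow all local ports ('Any') are not matched by the port filter here and need a separate review.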
                                      • stacksofplates @gjacobse

                                        @gjacobse said in WinRM: Security Question:

                                        While it is likely I could be missing it... As of yet, I don't see any way to run commands like SC / MC. I've been looking over DesktopCentral and nothing stands out.

                                        https://www.manageengine.com/products/free-windows-tools/free-remote-command-prompt-tool.html

                                        • stacksofplates

                                          https://www.manageengine.com/products/desktop-central/help/computer_configuration/executing_custom_scripts.html

                                          • gjacobse @stacksofplates

                                            @stacksofplates said in WinRM: Security Question:

                                            https://www.manageengine.com/products/desktop-central/help/computer_configuration/executing_custom_scripts.html

                                            Thanks -
                                            Guess it will have to do... sigh.
