WSManDsc

The WSManDsc module contains DSC resources for configuring WS-Management and PowerShell Remoting.

Resources

  • WSManListener: Create, edit or remove WS-Management HTTP/HTTPS listeners.
  • WSManServiceConfig: Configure the WS-Man Service.

Contributing

Please check out common DSC Resources contributing guidelines.

WSManListener

Parameters

  • Transport: The transport type of the WS-Man listener. Can be HTTP or HTTPS. Defaults to HTTPS.
  • Ensure: Ensures that Listener is either Absent or Present. Required.
  • Port: The port of the listener. This optional parameter defaults to 5985 for HTTP listeners and 5986 for HTTPS listeners.
  • Address: The address the listener is bound to. This optional parameter defaults to * (any address).

The following parameters are only required if Transport is HTTPS:

  • Issuer: The full name of the certificate issuer to use for the HTTPS WS-Man Listener.
  • SubjectFormat: The format of the computer name that will be matched against the certificate subjects to identify the certificate to use for an SSL Listener. Only required if SSL is true. Defaults to Both. Must be one of the following values:
    • Both: Look for a certificate with a subject matching the computer FQDN. If one can't be found the flat computer name will be used. If neither can be found then the listener will not be created.
    • FQDN: Look for a certificate with a subject matching the computer FQDN only. If one can't be found then the listener will not be created.
    • ComputerName: Look for a certificate with a subject matching the flat computer name only. If one can't be found then the listener will not be created.
  • MatchAlternate: Also match the certificate alternate subject name. { True | False }

Examples

Create an HTTP Listener on port 5985:

configuration Sample_WSManListener_HTTP
{
    param
    (
        # Target node(s); defaults to the local machine.
        [string[]] $NodeName = 'localhost'
    )

    Import-DscResource -Module WSManDsc

    Node $NodeName
    {
        WSManListener HTTP
        {
            Transport = 'HTTP'
            Ensure    = 'Present'
        } # End of WSManListener Resource
    } # End of Node
} # End of Configuration

Sample_WSManListener_HTTP
Start-DscConfiguration -Path Sample_WSManListener_HTTP -Wait -Verbose -Force

Create an HTTPS Listener using a LocalMachine certificate that is installed and issued by 'CN=CONTOSO.COM Issuing CA, DC=CONTOSO, DC=COM' on port 5986:

configuration Sample_WSManListener_HTTPS
{
    param
    (
        # Target node(s); defaults to the local machine.
        [string[]] $NodeName = 'localhost'
    )

    Import-DscResource -Module WSManDsc

    Node $NodeName
    {
        WSManListener HTTPS
        {
            Transport = 'HTTPS'
            Ensure    = 'Present'
            Issuer    = 'CN=CONTOSO.COM Issuing CA, DC=CONTOSO, DC=COM'
        } # End of WSManListener Resource
    } # End of Node
} # End of Configuration

Sample_WSManListener_HTTPS
Start-DscConfiguration -Path Sample_WSManListener_HTTPS -Wait -Verbose -Force

WSManServiceConfig

Parameters

  • RootSDDL: Specifies the security descriptor that controls remote access to the listener. Default "O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;ER)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)".
  • MaxConnections: Specifies the maximum number of active requests that the service can process simultaneously. Default 300.
  • MaxConcurrentOperationsPerUser: Specifies the maximum number of concurrent operations that any user can remotely open on the same system. Default 1500.
  • EnumerationTimeoutms: Specifies the idle time-out in milliseconds between Pull messages. Default 60000.
  • MaxPacketRetrievalTimeSeconds: Specifies the maximum length of time, in seconds, the WinRM service takes to retrieve a packet. Default 120.
  • AllowUnencrypted: Allows the client computer to request unencrypted traffic. { True | False }
  • AuthBasic: Allows the WinRM service to use Basic authentication. { True | False }
  • AuthKerberos: Allows the WinRM service to use Kerberos authentication. { True | False }
  • AuthNegotiate: Allows the WinRM service to use Negotiate authentication. { True | False }
  • AuthCertificate: Allows the WinRM service to use client certificate-based authentication. { True | False }
  • AuthCredSSP: Allows the WinRM service to use Credential Security Support Provider (CredSSP) authentication. { True | False }
  • AuthCbtHardeningLevel: Sets the policy for channel-binding token requirements in authentication requests. { Strict | Relaxed | None }
  • EnableCompatibilityHttpListener: Specifies whether the compatibility HTTP listener is enabled. { True | False }
  • EnableCompatibilityHttpsListener: Specifies whether the compatibility HTTPS listener is enabled. { True | False }

Examples

Configure the WS-Man Service:

configuration Sample_WSManServiceConfig
{
    param
    (
        # Target node(s); defaults to the local machine.
        [string[]] $NodeName = 'localhost'
    )

    Import-DscResource -Module WSManDsc

    Node $NodeName
    {
        WSManServiceConfig ServiceConfig
        {
            MaxConnections                   = 100
            AllowUnencrypted                 = $False
            AuthCredSSP                      = $True
            EnableCompatibilityHttpListener  = $True
            EnableCompatibilityHttpsListener = $True
        } # End of WSManServiceConfig Resource
    } # End of Node
} # End of Configuration

Sample_WSManServiceConfig
Start-DscConfiguration -Path Sample_WSManServiceConfig -Wait -Verbose -Force
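
A hardened counterpart to the sample above, as an added example that is not part of the WSManDsc project: it uses only parameters listed on this page and turns off the settings the sample enables (CredSSP and both compatibility listeners). The configuration name, the default node name and the reuse of the CONTOSO issuer DN from the HTTPS listener sample are assumptions.

```powershell
# Added example (not from the WSManDsc project). Assumed: configuration name,
# node name 'localhost', issuer DN reused from the page's HTTPS listener sample.
configuration Sample_WSMan_Hardened
{
    param
    (
        [string[]] $NodeName = 'localhost'
    )

    Import-DscResource -Module WSManDsc

    Node $NodeName
    {
        # TLS listener bound to a certificate from the named issuing CA.
        WSManListener HTTPS
        {
            Transport     = 'HTTPS'
            Ensure        = 'Present'
            Issuer        = 'CN=CONTOSO.COM Issuing CA, DC=CONTOSO, DC=COM'
            SubjectFormat = 'FQDN'    # no fallback to the flat computer name
        }

        WSManServiceConfig ServiceConfig
        {
            AllowUnencrypted                 = $False    # same as the page's sample
            AuthBasic                        = $False    # no Basic authentication
            AuthCredSSP                      = $False    # sample: $True (delegates credentials to the server)
            AuthKerberos                     = $True
            AuthNegotiate                    = $True
            AuthCbtHardeningLevel            = 'Strict'  # reject requests without a valid channel-binding token
            EnableCompatibilityHttpListener  = $False    # sample: $True (extra listener on port 80)
            EnableCompatibilityHttpsListener = $False    # sample: $True (extra listener on port 443)
        }
    }
}

Sample_WSMan_Hardened
Start-DscConfiguration -Path Sample_WSMan_Hardened -Wait -Verbose -Force

# Read the applied state back through the WSMan: provider.
Get-Item WSMan:\localhost\Service\AllowUnencrypted
Get-ChildItem WSMan:\localhost\Service\Auth
Get-ChildItem WSMan:\localhost\Listener
```

With AuthCbtHardeningLevel set to Strict, clients that cannot supply a channel-binding token are refused, so test client compatibility before rolling this out widely.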

Versions

Unreleased

  • Added WSManServiceConfig resource.
  • Prepare module for moving over to DSC community resources.
  • Fixes WSManListener when Compatibility Listeners are enabled.

1.0.1.0

  • Documentation and Module Manifest Update only.

1.0.0.0

  • Initial release containing cWSManListener resource.