Windows

How to enable Negotiate authentication for winrm

  • November 15, 2019

I disabled Negotiate authentication for the winrm service on my server by running the following command:

winrm put winrm/config/service/Auth @{Negotiate="false"}

Now I can perform any operation with winrm. I get the error:

   Message = The WinRM client cannot process the request. The WinRM client tried to use Negotiate authentication mechanism, but the destination computer (localhost:47001) returned an 'access denied' error. Change the configuration to allow Negotiate authentication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisms reported by server:

I understand this error, but the problem is that the only way I have found online to enable Negotiate authentication is to run:

winrm put winrm/config/service/Auth @{Negotiate="true"}

This of course gives the error above. Is there another way to enable Negotiate authentication?

Use Group Policy:

Computer > Policies > Administrative Templates > Windows Components > Windows Remote Management > WinRM Service:

Disallow Negotiate authentication: Disabled.

Edit the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client.

Set auth_kerberos and auth_negotiate to 1.

Restart the service.
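
The registry steps from the answer above, written as a PowerShell script that reads the values directly instead of going through the failing winrm command. This is an added example, not part of the original answers; it assumes the values are DWORDs, that the service to restart is named WinRM, and that it runs in an elevated session (run it with -WhatIf first to see what would change).

```powershell
# Added example: applies the registry steps from the answer above.
# Assumptions (not stated on the page): the values are DWORDs, the
# service to restart is named 'WinRM', and the session is elevated.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client',
    [string[]]$ValueNames = @('auth_kerberos', 'auth_negotiate')
)

if (-not (Test-Path -LiteralPath $KeyPath)) {
    throw "Registry key not found: $KeyPath"
}

# Read one value without failing when it does not exist yet.
function Get-AuthValue([string]$Name) {
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$changed = $false
foreach ($name in $ValueNames) {
    $current = Get-AuthValue $name
    $shown = if ($null -eq $current) { '<not set>' } else { $current }
    Write-Host ("before: {0} = {1}" -f $name, $shown)

    # Only write when the value is missing or not already 1.
    if ($current -ne 1 -and $PSCmdlet.ShouldProcess("$KeyPath\$name", 'Set to 1')) {
        # -Force creates the value or overwrites an existing one.
        New-ItemProperty -LiteralPath $KeyPath -Name $name -Value 1 `
            -PropertyType DWord -Force | Out-Null
        $changed = $true
    }
}

# Restart only if something was actually written.
if ($changed -and $PSCmdlet.ShouldProcess('WinRM', 'Restart service')) {
    Restart-Service -Name WinRM -Force
}

# Report the final state so the change can be confirmed.
foreach ($name in $ValueNames) {
    Write-Host ("after:  {0} = {1}" -f $name, (Get-AuthValue $name))
}
```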

Quoted from: https://serverfault.com/questions/550081