Windows
如何為 winrm 啟用協商身份驗證
我通過執行以下命令禁用了伺服器上 winrm 服務的協商身份驗證:
winrm put winrm/config/service/Auth @{Negotiate="false"}
現在我可以使用 winrm 執行任何操作。我得到錯誤:
Message = The WinRM client cannot process the request. The WinRM client trie d to use Negotiate authentication mechanism, but the destination computer (local host:47001) returned an 'access denied' error. Change the configuration to allow Negotiate authentication mechanism to be used or specify one of the authenticat ion mechanisms supported by the server. To use Kerberos, specify the local compu ter name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the local co mputer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisms reported by server:
我理解這個錯誤,但問題是我在網上找到啟用協商身份驗證的唯一方法是執行:
winrm put winrm/config/service/Auth @{Negotiate="true"}
這當然給出了上面的錯誤。還有另一種啟用協商身份驗證的方法嗎?
使用組策略:
電腦 > 策略 > 管理模板 > Windows 組件 > Windows 遠端管理 > WinRM 服務:
不允許協商身份驗證:已禁用。
編輯系統資料庫項 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client。
將 auth_kerberos 和 auth_negotiate 設置為 1。
重新啟動服務。