windows – WSMan和基本授权

发布时间：2020-12-14 02:04:41 所属栏目：Windows 来源：网络整理

导读：我正在努力让WSMan使用Basic authorizaion. 我总是得到Access Denied错误. Kerberos验证工作正常. Windows远程管理服务在域A中的Windows Server 2008 R2上运行,并具有以下配置： Config MaxEnvelopeSizekb = 800 MaxTimeoutms = 600000 MaxBatchItems = 20 M

我正在努力让WSMan使用Basic authorizaion.
我总是得到Access Denied错误. Kerberos验证工作正常.

Windows远程管理服务在域A中的Windows Server 2008 R2上运行,并具有以下配置：

Config
    MaxEnvelopeSizekb = 800
    MaxTimeoutms = 600000
    MaxBatchItems = 20
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts = *
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;S-1-5-21-2516571543-3809851355-1508507046-1008)(A;;GA;;;BA)(A;;GAGXGWGR;;;S-1-5-21-3465154619-3242790773-2173928322-17804)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 200
        EnumerationTimeoutms = 600000
        MaxConnections = 15
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = true
        Auth
            Basic = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = true
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint = ee cd g2 5e 61 ad d0 07  07 b7 77 95 ec 38 16 02df 7f 64 51
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 180000
        MaxConcurrentUsers = 5
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 15
        MaxMemoryPerShellMB = 150
        MaxShellsPerUser = 5

我正在域B中的Windows 7工作站上执行Test-WSMan：

Test-WSMan -ComputerName https://server2008:5986 -Auth basic -Cred BMY_USER_NAME

并收到以下错误：

Test-WSMan : Access is denied.
At line:1 char:11
+ Test-WSMan -ComputerName https://server2008:5986 -Auth basic -Cred BMY_USER_NAME
    + CategoryInfo          : InvalidOperation: (https://server2008:5986:5986:String) [Test-WSMan],InvalidOperationException
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.TestWSManCommand

请注意以下命令正常工作：

Test-WSMan -ComputerName https://server2008:5986 -Auth kerberos

以下日志记录在Windows Server上：

Error   6/22/2012 12:21:27 PM   Windows Remote Management   168 User authentication

General: Sending HTTP 401 response to the client and disconnect the connection after sending the response
Details:
    Log Name:      Microsoft-Windows-WinRM/Operational
    Source:        Microsoft-Windows-WinRM
    Date:          6/22/2012 12:21:27 PM
    Event ID:      168
    Task Category: User authentication
    Level:         Error
    Keywords:      Security,Server
    User:          NETWORK SERVICE
    Computer:      server2008
    Description:
        Sending HTTP 401 response to the client and disconnect the connection after sending the response

有人可以帮我解决这个问题吗？这是配置问题还是我做错了什么？

谢谢.

解决方法

WinRM basic Auth不尊重域名. 基本上,您只能作为目标计算机的本地用户进行身份验证

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!