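<#
.SYNOPSIS
    Configures WinRM for HTTPS-only remoting with a self-signed certificate.
.DESCRIPTION
    Enables PSRemoting, turns off the weaker WSMan authentication mechanisms
    (Basic, Digest, Kerberos, Certificate) and unencrypted traffic while leaving
    Negotiate enabled, generates a self-signed server certificate through the
    external New-SelfsignedCertificateEx.ps1 helper, replaces the HTTP listener
    with an HTTPS listener, opens TCP 5986 inbound and sets WinRM to start
    automatically. Each step that uses the Net* cmdlets has a Windows Server
    2008 fallback (WMI / netsh).
.NOTES
    Must run elevated, with New-SelfsignedCertificateEx.ps1 in the current
    directory. Enable-PSRemoting also creates the HTTP (5985) firewall
    exception; this script removes the HTTP listener but does not remove that
    firewall rule, so review the firewall configuration afterwards.
#>

#######################################
# Replaces any existing WinRM listeners with a single HTTPS listener.
# Arguments: $Config - winrm.cmd property set string, e.g.
#            @{Hostname="host";CertificateThumbprint="<thumbprint>"}
# Throws:    when winrm.cmd reports a non-zero exit code
#######################################
Function ConfigureProtocols($Config) {
    # -ErrorAction SilentlyContinue (instead of Ignore) also binds on
    # PowerShell 2.0, which the Server 2008 fallbacks below target.
    # Removes HTTP listener, if found
    try {
        Remove-WSManInstance -ResourceURI 'winrm/config/Listener' `
            -SelectorSet @{Address = "*"; Transport = "HTTP"} `
            -ErrorAction SilentlyContinue
    } catch {
        "No Http listener found"
    }
    # Removes HTTPS listener, if found
    try {
        Remove-WSManInstance -ResourceURI 'winrm/config/Listener' `
            -SelectorSet @{Address = "*"; Transport = "HTTPS"} `
            -ErrorAction SilentlyContinue
    } catch {
        "No Https listener found"
    }
    "Creating HTTPS Listener"
    winrm create winrm/config/listener?Address=*+TransPort=HTTPS $Config
    # winrm.cmd is a native command: its failure does not raise a PowerShell
    # error, so check the exit code explicitly rather than continuing with a
    # host that has no listener at all.
    if ($LASTEXITCODE -ne 0) {
        throw "winrm create failed with exit code $LASTEXITCODE"
    }
}

#######################################
# Disables every WSMan auth mechanism except Negotiate, on both the Service
# and Client side, and refuses unencrypted traffic.
# Note: the mechanisms are not all present on both sides, hence the Test-Path
# guard. CredSSP is not touched by this function.
#######################################
Function SetAuthProtocals {
    $typeArray = @("Service", "Client")
    $protocolArray = @("Basic", "Digest", "Kerberos", "Certificate")
    foreach ($type in $typeArray) {
        foreach ($protocol in $protocolArray) {
            $path = "WSMan:\localhost\$($type)\Auth\$($protocol)"
            if (Test-Path $path) {
                Set-Item -Path $path -Value $false
            }
        }
        # AllowUnencrypted lives directly under Service/Client, not under Auth;
        # the original lookup under \Auth\ never matched, so it was never set.
        $unencryptedPath = "WSMan:\localhost\$($type)\AllowUnencrypted"
        if (Test-Path $unencryptedPath) {
            Set-Item -Path $unencryptedPath -Value $false
        }
    }
    Set-Item -Path "WSMan:\localhost\Service\Auth\Negotiate" $true
    Set-Item -Path "WSMan:\localhost\Client\Auth\Negotiate" $true
}

#######################################
# Returns the host's IPv4 addresses as strings, excluding 127.0.0.1, for use
# as certificate subject alternative names.
#######################################
Function GetIPAddresses {
    $allAddresses = @()
    try {
        # Get-NetIPAddress returns objects; the SAN needs the address string only.
        $allAddresses = @(Get-NetIPAddress -AddressFamily IPv4 -ErrorAction Stop |
            Select-Object -ExpandProperty IPAddress)
    } catch {
        # Win2008 Compatible: Gets all IPV4 ip addresses via WMI.
        # IPv6 entries contain ':' so the filter for ipv6 is *:*
        $allAddresses = @(Get-WmiObject Win32_NetworkAdapterConfiguration |
            Where-Object { $_.IPAddress } |
            Select-Object -ExpandProperty IPAddress |
            Where-Object { $_ -notlike '*:*' })
    }
    $allAddresses = @($allAddresses | Where-Object { $_ -ne '127.0.0.1' })
    return $allAddresses
}

#######################################
# Builds the SAN list for the server certificate.
# Arguments: $Hostname - short computer name
#            $FQDN     - fully qualified name
# Returns:   array of IPv4 addresses followed by $Hostname and $FQDN
#######################################
Function GenerateSan($Hostname, $FQDN) {
    $result = @(GetIPAddresses)
    $result += $Hostname
    $result += $FQDN
    return $result
}

#######################################
# Creates the inbound firewall rule for WinRM over HTTPS (TCP 5986) unless a
# rule with that name already exists.
# Arguments: $RemoteAddress - source addresses allowed through the rule;
#            defaults to "Any" (the original behaviour). Pass a management
#            subnet, e.g. "10.0.0.0/24", to restrict where remoting may
#            originate from.
#######################################
Function ConfigureFirewall($RemoteAddress = "Any") {
    $ruleName = "Windows Remote Management (HTTPS-In)"
    try {
        # SilentlyContinue: a missing rule is the expected case, not an error.
        if (-not (Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $ruleName -Name $ruleName -Profile Any `
                -Direction Inbound -LocalPort 5986 -Protocol TCP -RemoteAddress $RemoteAddress
        }
    } catch {
        # Windows 2008 Compatible command (no Net* cmdlets): fall back to netsh.
        # The "no rules match" check compares netsh's English output text and
        # will not match on a localized OS.
        $firewallRuleExists = netsh advfirewall firewall show rule name="$ruleName"
        if ($firewallRuleExists -eq "No rules match the specified criteria.") {
            netsh advfirewall firewall add rule name="$ruleName" dir=in action=allow protocol=tcp profile=any localport=5986 remoteip=$RemoteAddress
        }
    }
}

#######################################
# Generates the self-signed server certificate, then configures the HTTPS
# listener, the firewall rule and the WinRM service start mode.
# Throws:    when New-SelfsignedCertificateEx.ps1 is missing from the current
#            directory or certificate generation returns nothing.
#######################################
Function GenerateCertificate {
    if ((Get-Service WinRM).Status -eq "Stopped") { Start-Service WinRM }
    # One WMI query instead of two for the same class.
    $computerSystem = Get-WmiObject -Class Win32_ComputerSystem
    $Hostname = $computerSystem.Name
    $Domain = $computerSystem.Domain
    $FQDN = $Hostname + "." + $Domain
    $certGenScriptFile = "New-SelfsignedCertificateEx.ps1"
    $sanValue = GenerateSan $Hostname $FQDN
    if (-not (Test-Path -Path $certGenScriptFile)) {
        throw "$certGenScriptFile is not found. Please follow the user guide for instructions to download $certGenScriptFile and re-run this script"
    }
    # The helper is third-party code loaded from the working directory and runs
    # with this script's (elevated) privileges; verify its hash against the
    # value published with the user guide before running.
    Import-Module ".\$certGenScriptFile" -Force
    # -IsCA $true is kept from the original: it puts the CA basic constraint on
    # a certificate that is only used for server authentication. A leaf server
    # certificate does not need it; consider $false if clients will trust this
    # certificate directly.
    $cert = New-SelfsignedCertificateEx -Subject "CN=$Hostname" -SAN $sanValue -EKU "Server Authentication" -StoreLocation "LocalMachine" -IsCA $true
    if (-not $cert -or -not $cert.Thumbprint) {
        throw "Certificate generation returned no certificate; cannot configure the HTTPS listener"
    }
    $Config = '@{Hostname="' + $Hostname + '";CertificateThumbprint="' + $cert.Thumbprint + '"}'
    ConfigureProtocols $Config
    ConfigureFirewall
    "WinRM HTTPS Listener Info..."
    winrm enum winrm/config/listener
    # -StartMode is not a documented Set-Service parameter; -StartupType is,
    # so the original call would fail to bind and leave the start mode unchanged.
    Set-Service WinRM -StartupType Automatic
    Restart-Service -Force WinRM
}

#######################################
# Entry point: enables remoting, hardens auth, then builds the HTTPS listener.
# Enable-PSRemoting creates an HTTP listener (removed later by
# ConfigureProtocols) and its HTTP firewall exception (not removed here).
#######################################
Function RunScripts {
    Enable-PSRemoting -Force
    SetAuthProtocals
    GenerateCertificate
}

RunScripts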