WinRM Behavior

WinRM (Windows Remote Management) is a powerful tool that can also be abused. A few settings make it considerably harder to misuse, and they can be enforced centrally through Group Policy.

Plain Text Passwords

Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service - Set "Allow Basic authentication" to "Disabled".

Allow Unencrypted Traffic

Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Client - Set "Allow unencrypted traffic" to "Disabled".

You can further restrict which hosts are allowed to use WinRM.
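To verify that the settings above are actually in effect on a host, the following PowerShell audit (added example code, not from the original page) reads the policy values Group Policy writes under HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM and compares them with the live WinRM configuration exposed by the WSMan: drive. It also checks the WinRM Service's own "Allow unencrypted traffic" policy, which is separate from the WinRM Client one; the function names are my own.

```powershell
# Added audit example, not from the original page. Run in an elevated PowerShell session.

function Get-WinRmPolicyValue {
    param([string]$SubKey, [string]$Name)
    # Group Policy writes these settings as DWORDs under the WinRM policy key;
    # a missing value means the policy is "Not Configured".
    $key  = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\$SubKey"
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Get-WinRmLiveValue {
    param([string]$Path)
    # The WSMan: drive exposes the running WinRM service configuration.
    try { return [string](Get-Item -Path $Path -ErrorAction Stop).Value }
    catch { return $null }   # WinRM service not running or path unavailable
}

function Test-WinRmHardening {
    # Setting name, policy registry subkey and value, and matching live WSMan: path.
    $checks = @(
        @('WinRM Service: Allow Basic authentication', 'Service', 'AllowBasic',
          'WSMan:\localhost\Service\Auth\Basic'),
        @('WinRM Client: Allow unencrypted traffic', 'Client', 'AllowUnencryptedTraffic',
          'WSMan:\localhost\Client\AllowUnencrypted'),
        @('WinRM Service: Allow unencrypted traffic', 'Service', 'AllowUnencryptedTraffic',
          'WSMan:\localhost\Service\AllowUnencrypted')
    )
    foreach ($c in $checks) {
        $policy = Get-WinRmPolicyValue -SubKey $c[1] -Name $c[2]
        $live   = Get-WinRmLiveValue -Path $c[3]
        # Policy value 0 = Disabled and enforced. A local 'false' with no policy
        # is safe today, but any local administrator can flip it with Set-Item.
        $enforced = ($policy -eq 0)
        $liveOff  = ($live -eq 'false')
        if ($enforced -and $liveOff)   { $status = 'OK' }
        elseif ($liveOff)              { $status = 'OK (local only, not policy-enforced)' }
        elseif ($null -eq $live)       { $status = 'UNKNOWN (WinRM not reachable)' }
        else                           { $status = 'FINDING' }
        [pscustomobject]@{
            Setting   = $c[0]
            Policy    = if ($null -eq $policy) { 'Not Configured' } else { $policy }
            LiveValue = if ($null -eq $live) { 'n/a' } else { $live }
            Status    = $status
        }
    }
}
Test-WinRmHardening | Format-Table -AutoSize
```

A row reporting FINDING means Basic authentication or unencrypted traffic is still permitted on that host, so credentials or session content could cross the network in clear text.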

See Microsoft's documentation on authentication for remote connections: https://docs.microsoft.com/en-us/windows/win32/winrm/authentication-for-remote-connections