Monday 4 August 2014

issues with winRM and windows remote assist

Having some issues with it just storing some information here

Remote assist uses DCOM it must be enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
EnableDCOM = Y

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
AllowTSConnections = 1

If you enable this policy you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running

Windows vista and later
Enable the Remote Assistance exception for the domain profile. The exception must contain:
Port 135:TCP
%WINDIR%\System32\msra.exe
%WINDIR%\System32\raserver.exe

Windows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1)

Port 135:TCP
%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
%WINDIR%\System32\Sessmgr.exe

For computers running Windows Server 2003 with Service Pack 1 (SP1)

Port 135:TCP
%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
Allow Remote Desktop Exception

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
fAllowUnsolicited = 1
fAllowUnsolicitedFullControl = 1

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
davies\domain admins = davies\domain admins

WinRM

Configuring WinRM using Microsoft Group Policy

If running winrm quickconfig on every XenApp server is not efficient for your site, you can configure WinRM using Microsoft Group Policy.
Note: Settings configured by Group Policy overrides the configuration changes made by the installer or configuration changes made locally on the desktop.
 
Complete the following procedure to configure WinRM using Group Policy:
  1. Set the WinRM service to auto start:
    a.    In the Group Policy Editor, navigate to Computer Configuration> Policies > Windows Settings > Security Settings> System Services.
    b.    Double-click Windows Remote Management (WS-Management) and set it to Automatic.

  2.   Create the WinRM listener:
    a.    In the Group Policy Editor, navigate to Computer Configuration >Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM  Service.
    b.    Double-click Allow automatic configuration of listeners and configure the IPv4 filter to *.
     
  3. Create a firewall exception for WinRM:
    a.    In the Group Policy Editor, navigate to Computer Configuration> Policies > Windows Settings > Security Settings> Windows Firewall with Advanced Security.
    b.    Create an Inbound Rule for WinRM for port 5985.
  4. After configuring the preceding three group policies, restart the server to update the group policies and start the WinRM service.
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)