4104152150x0227668Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Enable-PSRemoting -SkipNetworkProfileCheck
c6ad7c6d-9b2a-413b-a3fc-0956444fd9e8
4104152150x0226841Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11
# Enable-PSRemoting wrapper as recorded in this script block. It enables every
# session configuration, registers the default endpoints when they are missing
# (Microsoft.PowerShell, Microsoft.PowerShell.Workflow and, on amd64 hosts that
# have the WOW64 plugin DLL, Microsoft.PowerShell32), then removes the
# deny-GENERIC_ALL ACE for the Network SID from each configuration's DACL.
#
# Parameters:
#   Force                     - when $true, every ShouldProcess prompt below is skipped.
#   queryForRegisterDefault   - format string for the "register default endpoint" prompt.
#   captionForRegisterDefault - caption for that prompt.
#   queryForSet               - format string for the "set security descriptor" prompt.
#   captionForSet             - caption for that prompt.
#   skipNetworkProfileCheck   - not read in this body; when bound it stays in
#                               $PSBoundParameters and is splatted to
#                               Enable-PSSessionConfiguration.
# Side effects visible here: WSMan plugin quota changes, WinRM service restarts,
# a temp XML file that is written and then deleted, and rewritten
# session-configuration security descriptors.
# Errors: the catch block rethrows whatever the try block raised.
function Enable-PSRemoting
{
[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="Medium")]
param(
[Parameter()] [bool] $Force,
[Parameter()] [string] $queryForRegisterDefault,
[Parameter()] [string] $captionForRegisterDefault,
[Parameter()] [string] $queryForSet,
[Parameter()] [string] $captionForSet,
[Parameter()] [bool] $skipNetworkProfileCheck
)
end
{
# Enable all Session Configurations
try {
# Drop the prompt-text parameters so the remaining bound parameters can be
# splatted as-is; Name="*" targets every session configuration.
$null = $PSBoundParameters.Remove("queryForRegisterDefault")
$null = $PSBoundParameters.Remove("captionForRegisterDefault")
$null = $PSBoundParameters.Remove("queryForSet")
$null = $PSBoundParameters.Remove("captionForSet")
$PSBoundParameters.Add("Name","*")
# first try to enable all the sessions
Enable-PSSessionConfiguration @PSBoundParameters
# make sure default powershell end points exist
# ie., Microsoft.PowerShell
# and Microsoft.PowerShell32 (wow64)
# Snapshot $error.Count so the entries the lookup adds can be removed again.
$errorCount = $error.Count
$endPoint = Get-PSSessionConfiguration Microsoft.PowerShell -Force:$Force -ErrorAction silentlycontinue 2>&1
$newErrorCount = $error.Count
# remove the 'No Session Configuration matches criteria' errors
# ($error is newest-first, so RemoveAt(0) drops the entries just added)
for ($index = 0; $index -lt ($newErrorCount - $errorCount); $index ++)
{
$error.RemoveAt(0)
}
$qMessage = $queryForRegisterDefault -f "Microsoft.PowerShell","Register-PSSessionConfiguration Microsoft.PowerShell -force"
# Register only when the endpoint is missing; -Force bypasses the prompt.
if ((!$endpoint) -and
($force -or $pscmdlet.ShouldProcess($qMessage, $captionForRegisterDefault)))
{
$null = Register-PSSessionConfiguration Microsoft.PowerShell -force
# Quotas for the new endpoint: 25 shells per user and an idle-timeout
# ceiling of 2147483647 ms (Int32 maximum).
set-item -WarningAction SilentlyContinue wsman:\localhost\plugin\Microsoft.PowerShell\Quotas\MaxShellsPerUser -value "25" -confirm:$false
set-item -WarningAction SilentlyContinue wsman:\localhost\plugin\Microsoft.PowerShell\Quotas\MaxIdleTimeoutms -value 2147483647 -confirm:$false
restart-service winrm -confirm:$false
}
# Check Microsoft.PowerShell.Workflow endpoint
$errorCount = $error.Count
$endPoint = Get-PSSessionConfiguration Microsoft.PowerShell.workflow -Force:$Force -ErrorAction silentlycontinue 2>&1
$newErrorCount = $error.Count
# remove the 'No Session Configuration matches criteria' errors
for ($index = 0; $index -lt ($newErrorCount - $errorCount); $index ++)
{
$error.RemoveAt(0)
}
if (!$endpoint)
{
$qMessage = $queryForRegisterDefault -f "Microsoft.PowerShell.Workflow","Register-PSSessionConfiguration Microsoft.PowerShell.Workflow -force"
if ($force -or $pscmdlet.ShouldProcess($qMessage, $captionForRegisterDefault)) {
# The Workflow plugin is created from an XML definition written to a temp
# file and handed to 'winrm create'. The Security SDDL in that XML starts
# with (D;;GA;;;NU), a deny-GENERIC_ALL ACE for network logons, followed by
# allow-GA ACEs for BA, RM and IU; its SACL audits failed GA and successful
# GX/GW access for Everyone (WD).
$tempxmlfile = [io.path]::Gettempfilename()
"
<PlugInConfiguration xmlns='http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration'
Name='Microsoft.Powershell.Workflow'
Filename='%windir%\system32\pwrshplugin.dll'
SDKVersion='2'
XmlRenderingType='text'
UseSharedProcess='true'
ProcessIdleTimeoutSec='1209600'
OutputBufferingMode='Block'
Enabled='True'
>
<InitializationParameters>
<Param Name='PSVersion' Value='5.1' />
<Param Name='AssemblyName' Value='Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL'/>
<Param Name='PSSessionConfigurationTypeName' Value='Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration'/>
<Param Name='SessionConfigurationData'
Value ='
<SessionConfigurationData>
<Param Name="ModulesToImport" Value="%windir%\system32\windowspowershell\v1.0\Modules\PSWorkflow" />
<Param Name="PrivateData">
<PrivateData>
<Param Name="enablevalidation" Value="true" />
</PrivateData>
</Param>
</SessionConfigurationData>
'
/>
</InitializationParameters>
<Resources>
<Resource ResourceUri='http://schemas.microsoft.com/powershell/Microsoft.Powershell.Workflow' SupportsOptions='true' ExactMatch='true'>
<Security Uri='http://schemas.microsoft.com/powershell/Microsoft.PowerShell.Workflow' Sddl='O:NSG:BAD:P(D;;GA;;;NU)(A;;GA;;;BA)(A;;GA;;;RM)(A;;GA;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)' ExactMatch='False'/>
<Capability Type='Shell' />
</Resource>
</Resources>
<Quotas MaxMemoryPerShellMB='1024' MaxIdleTimeoutms='2147483647' MaxConcurrentUsers='5' IdleTimeoutms='7200000' MaxProcessesPerShell='15' MaxConcurrentCommandsPerShell='1000' MaxShells='25' MaxShellsPerUser='25' />
</PlugInConfiguration>
" | out-file -force -filepath $tempxmlfile -confirm:$false
$null = winrm create winrm/config/plugin?Name=Microsoft.PowerShell.Workflow -file:$tempxmlfile
# NOTE(review): the temp file is deleted only if execution reaches this
# line; there is no finally block around it.
remove-item -path $tempxmlfile -force -confirm:$false
restart-service winrm -confirm:$false
}
}
$pa = $env:PROCESSOR_ARCHITECTURE
if ($pa -eq "x86")
{
# on 64-bit platforms, a WOW64 (32-bit) process finds the real architecture
# in the PROCESSOR_ARCHITEW6432 variable
$pa = $env:PROCESSOR_ARCHITEW6432
}
if ((($pa -eq "amd64")) -and (test-path $env:windir\syswow64\pwrshplugin.dll))
{
# Check availability of WOW64 endpoint. Register if not available.
$errorCount = $error.Count
$endPoint = Get-PSSessionConfiguration Microsoft.PowerShell32 -Force:$Force -ErrorAction silentlycontinue 2>&1
$newErrorCount = $error.Count
# remove the 'No Session Configuration matches criteria' errors
for ($index = 0; $index -lt ($newErrorCount - $errorCount); $index ++)
{
$error.RemoveAt(0)
}
$qMessage = $queryForRegisterDefault -f "Microsoft.PowerShell32","Register-PSSessionConfiguration Microsoft.PowerShell32 -processorarchitecture x86 -force"
if ((!$endpoint) -and
($force -or $pscmdlet.ShouldProcess($qMessage, $captionForRegisterDefault)))
{
$null = Register-PSSessionConfiguration Microsoft.PowerShell32 -processorarchitecture x86 -force
# Same quotas as the 64-bit default endpoint.
set-item -WarningAction SilentlyContinue wsman:\localhost\plugin\Microsoft.PowerShell32\Quotas\MaxShellsPerUser -value "25" -confirm:$false
set-item -WarningAction SilentlyContinue wsman:\localhost\plugin\Microsoft.PowerShell32\Quotas\MaxIdleTimeoutms -value 2147483647 -confirm:$false
restart-service winrm -confirm:$false
}
}
# remove the 'network deny all' tag
# Applies to every session configuration returned, not only the defaults above.
Get-PSSessionConfiguration -Force:$Force | % {
$sddl = $null
if ($_.psobject.members["SecurityDescriptorSddl"])
{
$sddl = $_.psobject.members["SecurityDescriptorSddl"].Value
}
if ($sddl)
{
# Construct SID for network users
[system.security.principal.wellknownsidtype]$evst = "NetworkSid"
$networkSID = new-object system.security.principal.securityidentifier $evst,$null
$securityIdentifierToPurge = $null
$sd = new-object system.security.accesscontrol.commonsecuritydescriptor $false,$false,$sddl
# Look for a deny ACE on the Network SID whose mask is 268435456
# (0x10000000, GENERIC_ALL).
# NOTE(review): -match is a regex test on the SID's string form, so it is
# looser than -eq; confirm that a deny ACE for a different SID whose string
# contains the Network SID's cannot be selected here.
$sd.DiscretionaryAcl | % {
if (($_.acequalifier -eq "accessdenied") -and ($_.securityidentifier -match $networkSID) -and ($_.AccessMask -eq 268435456))
{
$securityIdentifierToPurge = $_.securityidentifier
}
}
if ($securityIdentifierToPurge)
{
# Remove the specific ACE
$sd.discretionaryacl.RemoveAccessSpecific('Deny', $securityIdentifierToPurge, 268435456, 'none', 'none')
# if the DACL is now empty, add Builtin Administrators, Remote Management Users
# and Interactive Users to it, as this is the default WSMan behavior
if ($sd.discretionaryacl.count -eq 0)
{
# Built-in administrators.
[system.security.principal.wellknownsidtype]$bast = "BuiltinAdministratorsSid"
$basid = new-object system.security.principal.securityidentifier $bast,$null
$sd.DiscretionaryAcl.AddAccess('Allow',$basid, 268435456, 'none', 'none')
# Remote Management Users, Win8+ only
if ([System.Environment]::OSVersion.Version -ge "6.2.0.0")
{
$rmSidId = new-object system.security.principal.securityidentifier "S-1-5-32-580"
$sd.DiscretionaryAcl.AddAccess('Allow', $rmSidId, 268435456, 'none', 'none')
}
# Interactive Users
$iaSidId = new-object system.security.principal.securityidentifier "S-1-5-4"
$sd.DiscretionaryAcl.AddAccess('Allow', $iaSidId, 268435456, 'none', 'none')
}
# Serialize the edited descriptor (all sections) back to SDDL.
$sddl = $sd.GetSddlForm("all")
}
} ## end of if($sddl)
$qMessage = $queryForSet -f $_.name,$sddl
# The descriptor is written back whenever $sddl is non-empty, including when
# no ACE was removed. -NoServiceRestart is passed, so this call does not
# restart WinRM itself.
if (($sddl) -and ($force -or $pscmdlet.ShouldProcess($qMessage, $captionForSet)))
{
$null = Set-PSSessionConfiguration -Name $_.Name -SecurityDescriptorSddl $sddl -NoServiceRestart -force -WarningAction 0
}
} ## end of foreach-object
}
catch {
# Rethrow unchanged so the caller sees the original error.
throw
} # end of catch
} # end of end block
} # end of Enable-PSRemoting
# Invoke the function with the eight positional arguments given to this script
# block: force, the four prompt strings, whatif, confirm, skipNetworkProfileCheck.
Enable-PSRemoting -force $args[0] -queryForRegisterDefault $args[1] -captionForRegisterDefault $args[2] -queryForSet $args[3] -captionForSet $args[4] -whatif:$args[5] -confirm:$args[6] -skipNetworkProfileCheck $args[7]
25bbbf63-a031-4961-946b-5a78d0139956
4104152150x0226839Microsoft-Windows-PowerShell/Operationalmswin-exch01.attackrange.local11Enable-PSRemoting -forcef566c4d4-1b9d-4385-9394-50c6260816d0
4104152150x0700543Microsoft-Windows-PowerShell/Operationalmswin-dc01.attackrange.local11Enable-PSRemoting -SkipNetworkProfileCheck
661b1caf-ab5d-4742-83d2-7a231308d912
4104152150x0699664Microsoft-Windows-PowerShell/Operationalmswin-dc01.attackrange.local11
# Enable-PSRemoting wrapper as recorded in this script block. It enables every
# session configuration, registers the default endpoints when they are missing
# (Microsoft.PowerShell, Microsoft.PowerShell.Workflow and, on amd64 hosts that
# have the WOW64 plugin DLL, Microsoft.PowerShell32), then removes the
# deny-GENERIC_ALL ACE for the Network SID from each configuration's DACL.
#
# Parameters:
#   Force                     - when $true, every ShouldProcess prompt below is skipped.
#   queryForRegisterDefault   - format string for the "register default endpoint" prompt.
#   captionForRegisterDefault - caption for that prompt.
#   queryForSet               - format string for the "set security descriptor" prompt.
#   captionForSet             - caption for that prompt.
#   skipNetworkProfileCheck   - not read in this body; when bound it stays in
#                               $PSBoundParameters and is splatted to
#                               Enable-PSSessionConfiguration.
# Side effects visible here: WSMan plugin quota changes, WinRM service restarts,
# a temp XML file that is written and then deleted, and rewritten
# session-configuration security descriptors.
# Errors: the catch block rethrows whatever the try block raised.
function Enable-PSRemoting
{
[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="Medium")]
param(
[Parameter()] [bool] $Force,
[Parameter()] [string] $queryForRegisterDefault,
[Parameter()] [string] $captionForRegisterDefault,
[Parameter()] [string] $queryForSet,
[Parameter()] [string] $captionForSet,
[Parameter()] [bool] $skipNetworkProfileCheck
)
end
{
# Enable all Session Configurations
try {
# Drop the prompt-text parameters so the remaining bound parameters can be
# splatted as-is; Name="*" targets every session configuration.
$null = $PSBoundParameters.Remove("queryForRegisterDefault")
$null = $PSBoundParameters.Remove("captionForRegisterDefault")
$null = $PSBoundParameters.Remove("queryForSet")
$null = $PSBoundParameters.Remove("captionForSet")
$PSBoundParameters.Add("Name","*")
# first try to enable all the sessions
Enable-PSSessionConfiguration @PSBoundParameters
# make sure default powershell end points exist
# ie., Microsoft.PowerShell
# and Microsoft.PowerShell32 (wow64)
# Snapshot $error.Count so the entries the lookup adds can be removed again.
$errorCount = $error.Count
$endPoint = Get-PSSessionConfiguration Microsoft.PowerShell -Force:$Force -ErrorAction silentlycontinue 2>&1
$newErrorCount = $error.Count
# remove the 'No Session Configuration matches criteria' errors
# ($error is newest-first, so RemoveAt(0) drops the entries just added)
for ($index = 0; $index -lt ($newErrorCount - $errorCount); $index ++)
{
$error.RemoveAt(0)
}
$qMessage = $queryForRegisterDefault -f "Microsoft.PowerShell","Register-PSSessionConfiguration Microsoft.PowerShell -force"
# Register only when the endpoint is missing; -Force bypasses the prompt.
if ((!$endpoint) -and
($force -or $pscmdlet.ShouldProcess($qMessage, $captionForRegisterDefault)))
{
$null = Register-PSSessionConfiguration Microsoft.PowerShell -force
# Quotas for the new endpoint: 25 shells per user and an idle-timeout
# ceiling of 2147483647 ms (Int32 maximum).
set-item -WarningAction SilentlyContinue wsman:\localhost\plugin\Microsoft.PowerShell\Quotas\MaxShellsPerUser -value "25" -confirm:$false
set-item -WarningAction SilentlyContinue wsman:\localhost\plugin\Microsoft.PowerShell\Quotas\MaxIdleTimeoutms -value 2147483647 -confirm:$false
restart-service winrm -confirm:$false
}
# Check Microsoft.PowerShell.Workflow endpoint
$errorCount = $error.Count
$endPoint = Get-PSSessionConfiguration Microsoft.PowerShell.workflow -Force:$Force -ErrorAction silentlycontinue 2>&1
$newErrorCount = $error.Count
# remove the 'No Session Configuration matches criteria' errors
for ($index = 0; $index -lt ($newErrorCount - $errorCount); $index ++)
{
$error.RemoveAt(0)
}
if (!$endpoint)
{
$qMessage = $queryForRegisterDefault -f "Microsoft.PowerShell.Workflow","Register-PSSessionConfiguration Microsoft.PowerShell.Workflow -force"
if ($force -or $pscmdlet.ShouldProcess($qMessage, $captionForRegisterDefault)) {
# The Workflow plugin is created from an XML definition written to a temp
# file and handed to 'winrm create'. The Security SDDL in that XML starts
# with (D;;GA;;;NU), a deny-GENERIC_ALL ACE for network logons, followed by
# allow-GA ACEs for BA, RM and IU; its SACL audits failed GA and successful
# GX/GW access for Everyone (WD).
$tempxmlfile = [io.path]::Gettempfilename()
"
<PlugInConfiguration xmlns='http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration'
Name='Microsoft.Powershell.Workflow'
Filename='%windir%\system32\pwrshplugin.dll'
SDKVersion='2'
XmlRenderingType='text'
UseSharedProcess='true'
ProcessIdleTimeoutSec='1209600'
OutputBufferingMode='Block'
Enabled='True'
>
<InitializationParameters>
<Param Name='PSVersion' Value='5.1' />
<Param Name='AssemblyName' Value='Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL'/>
<Param Name='PSSessionConfigurationTypeName' Value='Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration'/>
<Param Name='SessionConfigurationData'
Value ='
<SessionConfigurationData>
<Param Name="ModulesToImport" Value="%windir%\system32\windowspowershell\v1.0\Modules\PSWorkflow" />
<Param Name="PrivateData">
<PrivateData>
<Param Name="enablevalidation" Value="true" />
</PrivateData>
</Param>
</SessionConfigurationData>
'
/>
</InitializationParameters>
<Resources>
<Resource ResourceUri='http://schemas.microsoft.com/powershell/Microsoft.Powershell.Workflow' SupportsOptions='true' ExactMatch='true'>
<Security Uri='http://schemas.microsoft.com/powershell/Microsoft.PowerShell.Workflow' Sddl='O:NSG:BAD:P(D;;GA;;;NU)(A;;GA;;;BA)(A;;GA;;;RM)(A;;GA;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)' ExactMatch='False'/>
<Capability Type='Shell' />
</Resource>
</Resources>
<Quotas MaxMemoryPerShellMB='1024' MaxIdleTimeoutms='2147483647' MaxConcurrentUsers='5' IdleTimeoutms='7200000' MaxProcessesPerShell='15' MaxConcurrentCommandsPerShell='1000' MaxShells='25' MaxShellsPerUser='25' />
</PlugInConfiguration>
" | out-file -force -filepath $tempxmlfile -confirm:$false
$null = winrm create winrm/config/plugin?Name=Microsoft.PowerShell.Workflow -file:$tempxmlfile
# NOTE(review): the temp file is deleted only if execution reaches this
# line; there is no finally block around it.
remove-item -path $tempxmlfile -force -confirm:$false
restart-service winrm -confirm:$false
}
}
$pa = $env:PROCESSOR_ARCHITECTURE
if ($pa -eq "x86")
{
# on 64-bit platforms, a WOW64 (32-bit) process finds the real architecture
# in the PROCESSOR_ARCHITEW6432 variable
$pa = $env:PROCESSOR_ARCHITEW6432
}
if ((($pa -eq "amd64")) -and (test-path $env:windir\syswow64\pwrshplugin.dll))
{
# Check availability of WOW64 endpoint. Register if not available.
$errorCount = $error.Count
$endPoint = Get-PSSessionConfiguration Microsoft.PowerShell32 -Force:$Force -ErrorAction silentlycontinue 2>&1
$newErrorCount = $error.Count
# remove the 'No Session Configuration matches criteria' errors
for ($index = 0; $index -lt ($newErrorCount - $errorCount); $index ++)
{
$error.RemoveAt(0)
}
$qMessage = $queryForRegisterDefault -f "Microsoft.PowerShell32","Register-PSSessionConfiguration Microsoft.PowerShell32 -processorarchitecture x86 -force"
if ((!$endpoint) -and
($force -or $pscmdlet.ShouldProcess($qMessage, $captionForRegisterDefault)))
{
$null = Register-PSSessionConfiguration Microsoft.PowerShell32 -processorarchitecture x86 -force
# Same quotas as the 64-bit default endpoint.
set-item -WarningAction SilentlyContinue wsman:\localhost\plugin\Microsoft.PowerShell32\Quotas\MaxShellsPerUser -value "25" -confirm:$false
set-item -WarningAction SilentlyContinue wsman:\localhost\plugin\Microsoft.PowerShell32\Quotas\MaxIdleTimeoutms -value 2147483647 -confirm:$false
restart-service winrm -confirm:$false
}
}
# remove the 'network deny all' tag
# Applies to every session configuration returned, not only the defaults above.
Get-PSSessionConfiguration -Force:$Force | % {
$sddl = $null
if ($_.psobject.members["SecurityDescriptorSddl"])
{
$sddl = $_.psobject.members["SecurityDescriptorSddl"].Value
}
if ($sddl)
{
# Construct SID for network users
[system.security.principal.wellknownsidtype]$evst = "NetworkSid"
$networkSID = new-object system.security.principal.securityidentifier $evst,$null
$securityIdentifierToPurge = $null
$sd = new-object system.security.accesscontrol.commonsecuritydescriptor $false,$false,$sddl
# Look for a deny ACE on the Network SID whose mask is 268435456
# (0x10000000, GENERIC_ALL).
# NOTE(review): -match is a regex test on the SID's string form, so it is
# looser than -eq; confirm that a deny ACE for a different SID whose string
# contains the Network SID's cannot be selected here.
$sd.DiscretionaryAcl | % {
if (($_.acequalifier -eq "accessdenied") -and ($_.securityidentifier -match $networkSID) -and ($_.AccessMask -eq 268435456))
{
$securityIdentifierToPurge = $_.securityidentifier
}
}
if ($securityIdentifierToPurge)
{
# Remove the specific ACE
$sd.discretionaryacl.RemoveAccessSpecific('Deny', $securityIdentifierToPurge, 268435456, 'none', 'none')
# if the DACL is now empty, add Builtin Administrators, Remote Management Users
# and Interactive Users to it, as this is the default WSMan behavior
if ($sd.discretionaryacl.count -eq 0)
{
# Built-in administrators.
[system.security.principal.wellknownsidtype]$bast = "BuiltinAdministratorsSid"
$basid = new-object system.security.principal.securityidentifier $bast,$null
$sd.DiscretionaryAcl.AddAccess('Allow',$basid, 268435456, 'none', 'none')
# Remote Management Users, Win8+ only
if ([System.Environment]::OSVersion.Version -ge "6.2.0.0")
{
$rmSidId = new-object system.security.principal.securityidentifier "S-1-5-32-580"
$sd.DiscretionaryAcl.AddAccess('Allow', $rmSidId, 268435456, 'none', 'none')
}
# Interactive Users
$iaSidId = new-object system.security.principal.securityidentifier "S-1-5-4"
$sd.DiscretionaryAcl.AddAccess('Allow', $iaSidId, 268435456, 'none', 'none')
}
# Serialize the edited descriptor (all sections) back to SDDL.
$sddl = $sd.GetSddlForm("all")
}
} ## end of if($sddl)
$qMessage = $queryForSet -f $_.name,$sddl
# The descriptor is written back whenever $sddl is non-empty, including when
# no ACE was removed. -NoServiceRestart is passed, so this call does not
# restart WinRM itself.
if (($sddl) -and ($force -or $pscmdlet.ShouldProcess($qMessage, $captionForSet)))
{
$null = Set-PSSessionConfiguration -Name $_.Name -SecurityDescriptorSddl $sddl -NoServiceRestart -force -WarningAction 0
}
} ## end of foreach-object
}
catch {
# Rethrow unchanged so the caller sees the original error.
throw
} # end of catch
} # end of end block
} # end of Enable-PSRemoting
# Invoke the function with the eight positional arguments given to this script
# block: force, the four prompt strings, whatif, confirm, skipNetworkProfileCheck.
Enable-PSRemoting -force $args[0] -queryForRegisterDefault $args[1] -captionForRegisterDefault $args[2] -queryForSet $args[3] -captionForSet $args[4] -whatif:$args[5] -confirm:$args[6] -skipNetworkProfileCheck $args[7]
f7114787-6608-4a43-8ddb-a1fb76af9924
4104152150x0699662Microsoft-Windows-PowerShell/Operationalmswin-dc01.attackrange.local11enable-PSRemoting -force
327f2d88-9773-4092-a854-1f56f4e06017
4104152150x0717106Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11
# Enable-PSRemoting wrapper as recorded in this script block. It enables every
# session configuration, registers the default endpoints when they are missing
# (Microsoft.PowerShell, Microsoft.PowerShell.Workflow and, on amd64 hosts that
# have the WOW64 plugin DLL, Microsoft.PowerShell32), then removes the
# deny-GENERIC_ALL ACE for the Network SID from each configuration's DACL.
#
# Parameters:
#   Force                     - when $true, every ShouldProcess prompt below is skipped.
#   queryForRegisterDefault   - format string for the "register default endpoint" prompt.
#   captionForRegisterDefault - caption for that prompt.
#   queryForSet               - format string for the "set security descriptor" prompt.
#   captionForSet             - caption for that prompt.
#   skipNetworkProfileCheck   - not read in this body; when bound it stays in
#                               $PSBoundParameters and is splatted to
#                               Enable-PSSessionConfiguration.
# Side effects visible here: WSMan plugin quota changes, WinRM service restarts,
# a temp XML file that is written and then deleted, and rewritten
# session-configuration security descriptors.
# Errors: the catch block rethrows whatever the try block raised.
function Enable-PSRemoting
{
[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="Medium")]
param(
[Parameter()] [bool] $Force,
[Parameter()] [string] $queryForRegisterDefault,
[Parameter()] [string] $captionForRegisterDefault,
[Parameter()] [string] $queryForSet,
[Parameter()] [string] $captionForSet,
[Parameter()] [bool] $skipNetworkProfileCheck
)
end
{
# Enable all Session Configurations
try {
# Drop the prompt-text parameters so the remaining bound parameters can be
# splatted as-is; Name="*" targets every session configuration.
$null = $PSBoundParameters.Remove("queryForRegisterDefault")
$null = $PSBoundParameters.Remove("captionForRegisterDefault")
$null = $PSBoundParameters.Remove("queryForSet")
$null = $PSBoundParameters.Remove("captionForSet")
$PSBoundParameters.Add("Name","*")
# first try to enable all the sessions
Enable-PSSessionConfiguration @PSBoundParameters
# make sure default powershell end points exist
# ie., Microsoft.PowerShell
# and Microsoft.PowerShell32 (wow64)
# Snapshot $error.Count so the entries the lookup adds can be removed again.
$errorCount = $error.Count
$endPoint = Get-PSSessionConfiguration Microsoft.PowerShell -Force:$Force -ErrorAction silentlycontinue 2>&1
$newErrorCount = $error.Count
# remove the 'No Session Configuration matches criteria' errors
# ($error is newest-first, so RemoveAt(0) drops the entries just added)
for ($index = 0; $index -lt ($newErrorCount - $errorCount); $index ++)
{
$error.RemoveAt(0)
}
$qMessage = $queryForRegisterDefault -f "Microsoft.PowerShell","Register-PSSessionConfiguration Microsoft.PowerShell -force"
# Register only when the endpoint is missing; -Force bypasses the prompt.
if ((!$endpoint) -and
($force -or $pscmdlet.ShouldProcess($qMessage, $captionForRegisterDefault)))
{
$null = Register-PSSessionConfiguration Microsoft.PowerShell -force
# Quotas for the new endpoint: 25 shells per user and an idle-timeout
# ceiling of 2147483647 ms (Int32 maximum).
set-item -WarningAction SilentlyContinue wsman:\localhost\plugin\Microsoft.PowerShell\Quotas\MaxShellsPerUser -value "25" -confirm:$false
set-item -WarningAction SilentlyContinue wsman:\localhost\plugin\Microsoft.PowerShell\Quotas\MaxIdleTimeoutms -value 2147483647 -confirm:$false
restart-service winrm -confirm:$false
}
# Check Microsoft.PowerShell.Workflow endpoint
$errorCount = $error.Count
$endPoint = Get-PSSessionConfiguration Microsoft.PowerShell.workflow -Force:$Force -ErrorAction silentlycontinue 2>&1
$newErrorCount = $error.Count
# remove the 'No Session Configuration matches criteria' errors
for ($index = 0; $index -lt ($newErrorCount - $errorCount); $index ++)
{
$error.RemoveAt(0)
}
if (!$endpoint)
{
$qMessage = $queryForRegisterDefault -f "Microsoft.PowerShell.Workflow","Register-PSSessionConfiguration Microsoft.PowerShell.Workflow -force"
if ($force -or $pscmdlet.ShouldProcess($qMessage, $captionForRegisterDefault)) {
# The Workflow plugin is created from an XML definition written to a temp
# file and handed to 'winrm create'. The Security SDDL in that XML starts
# with (D;;GA;;;NU), a deny-GENERIC_ALL ACE for network logons, followed by
# allow-GA ACEs for BA, RM and IU; its SACL audits failed GA and successful
# GX/GW access for Everyone (WD).
$tempxmlfile = [io.path]::Gettempfilename()
"
<PlugInConfiguration xmlns='http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration'
Name='Microsoft.Powershell.Workflow'
Filename='%windir%\system32\pwrshplugin.dll'
SDKVersion='2'
XmlRenderingType='text'
UseSharedProcess='true'
ProcessIdleTimeoutSec='1209600'
OutputBufferingMode='Block'
Enabled='True'
>
<InitializationParameters>
<Param Name='PSVersion' Value='5.1' />
<Param Name='AssemblyName' Value='Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL'/>
<Param Name='PSSessionConfigurationTypeName' Value='Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration'/>
<Param Name='SessionConfigurationData'
Value ='
<SessionConfigurationData>
<Param Name="ModulesToImport" Value="%windir%\system32\windowspowershell\v1.0\Modules\PSWorkflow" />
<Param Name="PrivateData">
<PrivateData>
<Param Name="enablevalidation" Value="true" />
</PrivateData>
</Param>
</SessionConfigurationData>
'
/>
</InitializationParameters>
<Resources>
<Resource ResourceUri='http://schemas.microsoft.com/powershell/Microsoft.Powershell.Workflow' SupportsOptions='true' ExactMatch='true'>
<Security Uri='http://schemas.microsoft.com/powershell/Microsoft.PowerShell.Workflow' Sddl='O:NSG:BAD:P(D;;GA;;;NU)(A;;GA;;;BA)(A;;GA;;;RM)(A;;GA;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)' ExactMatch='False'/>
<Capability Type='Shell' />
</Resource>
</Resources>
<Quotas MaxMemoryPerShellMB='1024' MaxIdleTimeoutms='2147483647' MaxConcurrentUsers='5' IdleTimeoutms='7200000' MaxProcessesPerShell='15' MaxConcurrentCommandsPerShell='1000' MaxShells='25' MaxShellsPerUser='25' />
</PlugInConfiguration>
" | out-file -force -filepath $tempxmlfile -confirm:$false
$null = winrm create winrm/config/plugin?Name=Microsoft.PowerShell.Workflow -file:$tempxmlfile
# NOTE(review): the temp file is deleted only if execution reaches this
# line; there is no finally block around it.
remove-item -path $tempxmlfile -force -confirm:$false
restart-service winrm -confirm:$false
}
}
$pa = $env:PROCESSOR_ARCHITECTURE
if ($pa -eq "x86")
{
# on 64-bit platforms, a WOW64 (32-bit) process finds the real architecture
# in the PROCESSOR_ARCHITEW6432 variable
$pa = $env:PROCESSOR_ARCHITEW6432
}
if ((($pa -eq "amd64")) -and (test-path $env:windir\syswow64\pwrshplugin.dll))
{
# Check availability of WOW64 endpoint. Register if not available.
$errorCount = $error.Count
$endPoint = Get-PSSessionConfiguration Microsoft.PowerShell32 -Force:$Force -ErrorAction silentlycontinue 2>&1
$newErrorCount = $error.Count
# remove the 'No Session Configuration matches criteria' errors
for ($index = 0; $index -lt ($newErrorCount - $errorCount); $index ++)
{
$error.RemoveAt(0)
}
$qMessage = $queryForRegisterDefault -f "Microsoft.PowerShell32","Register-PSSessionConfiguration Microsoft.PowerShell32 -processorarchitecture x86 -force"
if ((!$endpoint) -and
($force -or $pscmdlet.ShouldProcess($qMessage, $captionForRegisterDefault)))
{
$null = Register-PSSessionConfiguration Microsoft.PowerShell32 -processorarchitecture x86 -force
# Same quotas as the 64-bit default endpoint.
set-item -WarningAction SilentlyContinue wsman:\localhost\plugin\Microsoft.PowerShell32\Quotas\MaxShellsPerUser -value "25" -confirm:$false
set-item -WarningAction SilentlyContinue wsman:\localhost\plugin\Microsoft.PowerShell32\Quotas\MaxIdleTimeoutms -value 2147483647 -confirm:$false
restart-service winrm -confirm:$false
}
}
# remove the 'network deny all' tag
# Applies to every session configuration returned, not only the defaults above.
Get-PSSessionConfiguration -Force:$Force | % {
$sddl = $null
if ($_.psobject.members["SecurityDescriptorSddl"])
{
$sddl = $_.psobject.members["SecurityDescriptorSddl"].Value
}
if ($sddl)
{
# Construct SID for network users
[system.security.principal.wellknownsidtype]$evst = "NetworkSid"
$networkSID = new-object system.security.principal.securityidentifier $evst,$null
$securityIdentifierToPurge = $null
$sd = new-object system.security.accesscontrol.commonsecuritydescriptor $false,$false,$sddl
# Look for a deny ACE on the Network SID whose mask is 268435456
# (0x10000000, GENERIC_ALL).
# NOTE(review): -match is a regex test on the SID's string form, so it is
# looser than -eq; confirm that a deny ACE for a different SID whose string
# contains the Network SID's cannot be selected here.
$sd.DiscretionaryAcl | % {
if (($_.acequalifier -eq "accessdenied") -and ($_.securityidentifier -match $networkSID) -and ($_.AccessMask -eq 268435456))
{
$securityIdentifierToPurge = $_.securityidentifier
}
}
if ($securityIdentifierToPurge)
{
# Remove the specific ACE
$sd.discretionaryacl.RemoveAccessSpecific('Deny', $securityIdentifierToPurge, 268435456, 'none', 'none')
# if the DACL is now empty, add Builtin Administrators, Remote Management Users
# and Interactive Users to it, as this is the default WSMan behavior
if ($sd.discretionaryacl.count -eq 0)
{
# Built-in administrators.
[system.security.principal.wellknownsidtype]$bast = "BuiltinAdministratorsSid"
$basid = new-object system.security.principal.securityidentifier $bast,$null
$sd.DiscretionaryAcl.AddAccess('Allow',$basid, 268435456, 'none', 'none')
# Remote Management Users, Win8+ only
if ([System.Environment]::OSVersion.Version -ge "6.2.0.0")
{
$rmSidId = new-object system.security.principal.securityidentifier "S-1-5-32-580"
$sd.DiscretionaryAcl.AddAccess('Allow', $rmSidId, 268435456, 'none', 'none')
}
# Interactive Users
$iaSidId = new-object system.security.principal.securityidentifier "S-1-5-4"
$sd.DiscretionaryAcl.AddAccess('Allow', $iaSidId, 268435456, 'none', 'none')
}
# Serialize the edited descriptor (all sections) back to SDDL.
$sddl = $sd.GetSddlForm("all")
}
} ## end of if($sddl)
$qMessage = $queryForSet -f $_.name,$sddl
# The descriptor is written back whenever $sddl is non-empty, including when
# no ACE was removed. -NoServiceRestart is passed, so this call does not
# restart WinRM itself.
if (($sddl) -and ($force -or $pscmdlet.ShouldProcess($qMessage, $captionForSet)))
{
$null = Set-PSSessionConfiguration -Name $_.Name -SecurityDescriptorSddl $sddl -NoServiceRestart -force -WarningAction 0
}
} ## end of foreach-object
}
catch {
# Rethrow unchanged so the caller sees the original error.
throw
} # end of catch
} # end of end block
} # end of Enable-PSRemoting
# Invoke the function with the eight positional arguments given to this script
# block: force, the four prompt strings, whatif, confirm, skipNetworkProfileCheck.
Enable-PSRemoting -force $args[0] -queryForRegisterDefault $args[1] -captionForRegisterDefault $args[2] -queryForSet $args[3] -captionForSet $args[4] -whatif:$args[5] -confirm:$args[6] -skipNetworkProfileCheck $args[7]
3a315d9f-035a-4a75-859d-9b389465187a
4104152150x0717104Microsoft-Windows-PowerShell/Operationalmswin-server.attackrange.local11enable-PSRemoting -force
42f593dd-145b-473b-afac-6eb141fc9ffa