How do you secure your environment while using PowerShell 2.0 remoting? (PCI Compliance)

Last Modified: 2012-05-11

Hi All,

How do you secure your Windows domain environment while still enabling the PowerShell 2.0 remoting capabilities (WinRM invoke-item)?

This is because at the moment my company's datacenter would like to implement a tight security policy according to this guideline: https://www.pcisecuritystandards.org/

Normally I use PowerShell for managing and monitoring the Exchange Server, Active Directory and VMware vSphere environment.

Any kind of help and suggestion would be greatly appreciated.

Cheers,

JJ

CERTIFIED EXPERT

Commented:
http://technet.microsoft.com/en-us/library/cc782312(WS.10).aspx

Using HTTPS will meet the PCI requirements
CERTIFIED EXPERT

Commented:
Even better, you should place a firewall between your servers with PCI data and the rest of your environment, and let only required traffic through.  If you do that, the rest of your environment is not automatically included in the scope of PCI required computers.

Easier said than done, I know, but it does greatly reduce the chance of PCI audit failures.

Author

Commented:
OK, is there a way to enable PowerShell to listen on an HTTPS port, or just on a certain secure port?
CERTIFIED EXPERT

Commented:
http://msdn.microsoft.com/en-us/library/aa384372%28v=vs.85%29.aspx

Create an HTTPS listener by typing the following command: winrm quickconfig -transport:https. Be aware that you must open port 5986 (Default HTTPS port in 2.0) for HTTPS transport to work.
CERTIFIED EXPERT

Commented:
To create an HTTPS listener on a custom HTTPS port, use the following command:
Winrm create winrm/config/listener?Address=*+Transport=HTTPS @{Port="8888"}
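
A fuller version of the HTTPS listener setup discussed in this thread, as an added example that is not from any of the posters: it binds the listener to a machine certificate, turns off unencrypted WinRM, and limits the port to one management host, in line with the firewall advice above. The certificate selection rule, the 192.0.2.10 management address and the firewall rule name are assumptions.

```powershell
# Run in an elevated PowerShell 2.0 session on the server being managed.
# Assumptions (placeholders, not from the thread): the server already has a
# Server Authentication certificate whose subject is its FQDN, and
# 192.0.2.10 stands in for the management host.
$fqdn     = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$mgmtHost = '192.0.2.10'
$port     = 5986   # default WinRM HTTPS port in 2.0, as noted in the thread

# Pick the longest-lived, non-expired machine certificate for this host name
# that has a private key.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$fqdn*" -and $_.HasPrivateKey -and
                   $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No usable certificate for $fqdn in LocalMachine\My" }

# Create the HTTPS listener bound to that certificate.
New-WSManInstance -ResourceURI winrm/config/Listener `
    -SelectorSet @{ Address = '*'; Transport = 'HTTPS' } `
    -ValueSet    @{ Hostname = $fqdn
                    CertificateThumbprint = $cert.Thumbprint
                    Port = "$port" }

# Remove the plain-HTTP listener if one exists (only when nothing else still
# depends on it) and refuse unencrypted WinRM traffic.
Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTP' } |
    Remove-Item -Recurse
Set-Item WSMan:\localhost\Service\AllowUnencrypted $false

# Allow the HTTPS port only from the management host.
netsh advfirewall firewall add rule name=WinRM-HTTPS-mgmt dir=in action=allow protocol=TCP localport=$port remoteip=$mgmtHost

# Verify: the output should list a single listener with Transport = HTTPS.
winrm enumerate winrm/config/listener

# From the management host, connect over TLS (the name must match the
# certificate subject):
#   Invoke-Command -ComputerName <server FQDN> -UseSSL -ScriptBlock { hostname }
```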


Author

Commented:
Hm.. can we use port 443 instead?

Author

Commented:
Many thanks man!