Product Name
CIS-CAT Pro Assessor v4
Product Version
all
Date
Problem
Info |
---|
How can I do a CIS-CAT Pro Assessor remote assessment of a Windows target using WinRM? |
Solution
These steps should only be run on a test or development system, to help understand the requirements for a CIS-CAT remote assessment.
To simplify the process, these steps assume an unencrypted connection, and the firewall may need to be disabled. In the CIS-CAT \config\sessions.properties file, ensure the port is set to 5985.
Once you have used these steps to troubleshoot the connection, adjust the WinRM security settings for your environment.
Read the CIS-CAT Documentation section;
Start WinRM on the target system;
PS > winrm quickconfig
Test the WinRM connection from the server to the target;
PS > Test-WSMan -computername <target_ip> -credential <name> -Authentication Negotiate
Warning |
---|
If the Test-WSMan connection fails with an error, try the following commands in turn, re-running Test-WSMan after each one until you get a successful connection; |
Ensure that UAC remote restrictions have been disabled on the target machine. This command should return a value of 1. If it does not, please reference this section of the CIS-CAT Documentation;
PS > Get-ItemPropertyValue HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy
Add the target IP to the winrm trusted hosts on the server;
PS > Set-Item WSMan:\localhost\Client\TrustedHosts -Value <target_ip>
Allow unencrypted connections on the target machine;
CMD > winrm set winrm/config/service @{AllowUnencrypted="true"}
Ensure that allow remote shell access is enabled on the target machine;
PS > Get-Item WSMan:\localhost\Shell\AllowRemoteShellAccess
Turn off the firewall on the target machine;
CMD > netsh advfirewall set currentprofile state off
Tip |
---|
When the Test-WSMan command succeeds and the credentials in sessions.properties match, a CIS-CAT remote assessment should run. You can check WinRM connectivity with the command Assessor-CLI.bat --test. Note that SMB is also required, so you will need to allow connections to the target host using SMB on port 445. |
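
Once the connection works, the settings relaxed by the steps above can be listed with a read-only check such as the following. This is an added example, not CIS-CAT or CIS code; the function name and the output columns are assumptions made for illustration, and it should be run in an elevated PowerShell session on the machine being checked.

```powershell
# Added example (not CIS code): read-only audit of the settings relaxed above.
# Nothing is modified; the Revert column only names the inverse command.
function Get-WinRMRelaxedSetting {
    # Read a WSMan: drive value; returns $null when WinRM is not running.
    function Read-WSMan([string]$Path) {
        try { (Get-Item -Path $Path -ErrorAction Stop).Value } catch { $null }
    }
    function New-Finding($Setting, $Value, [bool]$Relaxed, $Revert) {
        [pscustomobject]@{
            Setting = $Setting; Value = $Value; Relaxed = $Relaxed; Revert = $Revert
        }
    }

    # Target: WinRM service accepting unencrypted traffic (port 5985).
    $unenc = Read-WSMan 'WSMan:\localhost\Service\AllowUnencrypted'
    New-Finding 'Service\AllowUnencrypted' $unenc ($unenc -eq 'true') `
        'winrm set winrm/config/service @{AllowUnencrypted="false"}'

    # Server: hosts the WinRM client connects to without verifying their identity.
    $trusted = Read-WSMan 'WSMan:\localhost\Client\TrustedHosts'
    New-Finding 'Client\TrustedHosts' $trusted `
        (-not [string]::IsNullOrEmpty($trusted)) `
        'Clear-Item WSMan:\localhost\Client\TrustedHosts'

    # Target: firewall profiles that are currently switched off.
    $off = @(Get-NetFirewallProfile |
        Where-Object { $_.Enabled -eq 'False' } |
        ForEach-Object Name)
    New-Finding 'Firewall profiles off' ($off -join ',') ($off.Count -gt 0) `
        'netsh advfirewall set currentprofile state on'

    # Target: UAC remote restrictions (this article expects the value 1).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $latfp = (Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy `
        -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
    New-Finding 'LocalAccountTokenFilterPolicy' $latfp ($latfp -eq 1) `
        'Expected to be 1 for the assessment; record it rather than revert it'
}

Get-WinRMRelaxedSetting | Format-Table -AutoSize -Wrap
```

Rows with Relaxed set to True are the ones to review when adjusting the WinRM security settings for your environment.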
Additional Information;
Understanding and troubleshooting WinRM connection and authentication