Quick Start Guide: WinRM

Requirements

  • A default installation of Windows Server 2019 Desktop as a target system

  • The target system is not managed in a Domain / GPO

  • Local Administrator access to the target and CIS-CAT server

  • All of the commands listed below should be run in PowerShell as Administrator

Implementation Steps

On the assessment target system (192.168.41.165)

Check and if necessary configure firewall rules to allow for incoming WinRM (TCP 5985) and SMB (TCP 445) from your CIS-CAT Server system.

Allow and confirm remote access to the machine for management with the command;

winrm quickconfig

On CIS-CAT Server system

Within PowerShell add the assessment target IP address to WinRM trusted hosts with this command;

Set-Item WSMan:\localhost\Client\TrustedHosts -Value 192.168.41.165

Run the CIS-CAT Pro Assessor GUI

Select Advanced > Add remote or local target system

Fill out the Information to the required fields;

 

Select the correct Benchmark and Profile for the Target system and click Add

Click Save

Click Test connection(s) to Targets and you should see output with a line saying Test Successful

Click on Next > Select a Report Output option > Next > Start Assessment

Troubleshooting Steps

On the Target system

Check to make sure WinRM is enabled and running on port 5985;

winrm enumerate winrm/config/listener

Check that SMB2 is running;

Get-SmbServerConfiguration | Select EnableSMB2Protocol

On the CIS-CAT server;

Check that the target system IP is in Trusted Hosts;

Get-Item WSMan:\localhost\Client\TrustedHosts

Check to see you can connect to the target host IP on ports 5985 and 445;

Test-NetConnection -ComputerName 192.168.41.165 -Port 5985 -InformationLevel Detailed

Test-NetConnection -ComputerName 192.168.41.165 -Port 445 -InformationLevel Detailed

Check to see you can connect to the target host IP on the WinRM service;

Test-WSMan -computername 192.168.41.165 -credential Administrator -Authentication negotiate

Video: WinRM Setup

Video 3- WinRM Setup AudioLevelFix.mp4

 

Copyright © 2024 Center for Internet Security® Privacy Policy