WinRM troubleshooting for remote CIS-CAT Pro assessment of a Windows target system

Product Name

CIS-CAT Pro Assessor v4

Product Version

all

Date

Aug 14, 2020

Problem

How can I do a CIS-CAT Pro Assessor remote assessment of a Windows target using WinRM?

These should only be run on a test or development system to help understand the requirements for CIS-CAT remote assessment
To simplify that process this is assuming an unencrypted connection and the firewall may need to be disabled. In the CIS-CAT \config\sessions.properties file ensure the port is set to 5985
Once you have used these steps to troubleshoot the connection adjust the WimRM security settings for your environment

Read the CIS-CAT Documentation section;
- https://ciscat-assessor.docs.cisecurity.org/en/latest/Configuration%20Guide/#winrm-configuration
Start WinRM on the target system;
- PS > winrm quickconfig
Test the WinRM connection from the server to the target;
- PS > Test-WSMan -computername <target_ip> -credential <name> -Authentication Negotiate

If the Test-WSMan connection fails with an error try the following commands in turn and then re-run Test-WSMan until you get a successful connection;

Ensure that UAC remote restrictions have been disabled on the target machine. This command should return a value of 1. If it does not then please reference this section of the CIS-CAT Documentation
- PS > Get-ItemPropertyValue HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy
Add the target IP to the winrm trusted hosts on the server;
- PS > Set-Item WSMan:\localhost\Client\TrustedHosts -Value <target_ip>
Allow unencrypted connections on the target machine;
- CMD > winrm set winrm/config/service @{AllowUnencrypted="true"}
Ensure that allow remote shell access is enabled on the target machine;
- PS > Get-Item WSMan:\localhost\Shell\AllowRemoteShellAccess
Turn off the firewall on the target machine;
- CMD > netsh advfirewall set currentprofile state off

Additional Information;