WinRM troubleshooting for remote CIS-CAT Pro assessment of a Windows target system
Product Name
CIS-CAT Pro Assessor v4
Product Version
all
Date
Aug 14, 2020
Problem
How can I do a CIS-CAT Pro Assessor remote assessment of a Windows target using WinRM?
Solution
These should only be run on a test or development system to help understand the requirements for CIS-CAT remote assessment
To simplify that process this is assuming an unencrypted connection and the firewall may need to be disabled. In the CIS-CAT \config\sessions.properties file ensure the port is set to 5985
Once you have used these steps to troubleshoot the connection adjust the WimRM security settings for your environment
Read the CIS-CAT Documentation section;
Start WinRM on the target system;
PS > winrm quickconfig
Test the WinRM connection from the server to the target;
PS > Test-WSMan -computername <target_ip> -credential <name> -Authentication Negotiate
If the Test-WSMan connection fails with an error try the following commands in turn and then re-run Test-WSMan until you get a successful connection;
Ensure that UAC remote restrictions have been disabled on the target machine. This command should return a value of 1. If it does not then please reference this section of the CIS-CAT Documentation
PS > Get-ItemPropertyValue HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy
Add the target IP to the winrm trusted hosts on the server;
PS > Set-Item WSMan:\localhost\Client\TrustedHosts -Value <target_ip>
Allow unencrypted connections on the target machine;
CMD > winrm set winrm/config/service @{AllowUnencrypted="true"}
Ensure that allow remote shell access is enabled on the target machine;
PS > Get-Item WSMan:\localhost\Shell\AllowRemoteShellAccess
Turn off the firewall on the target machine;
CMD > netsh advfirewall set currentprofile state off
Additional Information;
Understanding and troubleshooting WinRM connection and authentication
Related Content