PowerShell: Add Windows TrustedHosts Remotely

<# AddTrustedHostsRemote.ps1

Solves this problem:
enter-pssession : Connecting to remote server REMOTESHERVER failed with the following error message : WinRM cannot
process the request. The following error occurred while using Kerberos authentication: Cannot find the computer
OMSVEPIAZU901. Verify that the computer exists on the network and that the name provided is spelled correctly. For
more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ enter-pssession REMOTESHERVER
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (REMOTESHERVER:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
#>

# Change this value
$computername="REMOTESHEVER"

# Autogen variables
$trustedHosts="*.$env:USERDNSDOMAIN"
$adminUsername=Read-Host -Prompt 'Input your admin name in this format DOMAIN\UserID';
$password=Read-Host -Prompt "Input the password for $adminUsername" -AsSecureString;
$passwordHash = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password);
$adminPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($passwordHash);

# Enable WinRM Remotely
psexec.exe \\$computername -u $adminUsername -p $adminPassword -s C:\Windows\system32\winrm.cmd qc -quiet

# Add Trusted hosts
$addTrustedHostsRemote="psexec.exe \\$computername -u $adminUsername -p $adminPassword -h -d powershell.exe 'set-item WSMan:\localhost\Client\TrustedHosts -Value $trustedHosts -Concatenate -force'"
Invoke-Expression $addTrustedHostsRemote;

<# Failure Example: this is due to a cross-domain default credential being used
PS C:\Users\kim> Invoke-Expression $addTrustedHostsRemote;

PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Couldn't access SHERVER:
Access is denied.
#>

<# View trusted hosts: default view
Get-Item WSMan:\localhost\Client\TrustedHosts
PS C:\Users\kim> Get-Item WSMan:\localhost\Client\TrustedHosts
WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Client
Type Name SourceOfValue Value
---- ---- ------------- -----
System.String TrustedHosts

# Set view
C:\Windows\system32> Get-Item WSMan:\localhost\Client\TrustedHosts


WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Client

Type Name SourceOfValue Value
--- ---- ------------- -----
System.String TrustedHosts *.kimconnect.local,10.10.0.*
#>

<# Set Trusted Hosts
$trustedHosts="*.domain.local"
set-item WSMan:\localhost\Client\TrustedHosts -Value $trustedHosts -Concatenate -force

set-item : Access is denied.
At line:1 char:1
+ set-item WSMan:\localhost\Client\TrustedHosts -Value $trustedHosts -C ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-Item], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.SetItemCommand

Set-ItemProperty –Path "REGISTRY::HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" –Name LocalAccountTokenFilterPolicy –Value 1 -Type DWord
PS C:\Users\kim> Set-ItemProperty –Path "REGISTRY::HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" –Na
me LocalAccountTokenFilterPolicy –Value 1 -Type DWord
Set-ItemProperty : Requested registry access is not allowed.
At line:1 char:1
+ Set-ItemProperty –Path "REGISTRY::HKLM\SOFTWARE\Microsoft\Windows\Cur ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (HKLM\SOFTWARE\M...Policies\System:String) [Set-ItemProperty], Securit
yException
+ FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

Resolution: Run-Powershell as Administrator on the remote host

# Other things:
$clientSubnet="10.10.10.*" # Corresponds to 10.10.10.0/24 subnet
set-item WSMan:\localhost\Client\TrustedHosts -Value $clientSubnet -Concatenate -force
get-item WSMan:\localhost\Client\TrustedHosts

Enter-PSSession -Credential "$env:USERDNSDOMAIN\Administrator" localhost # This works as elevated admin session; perhaps, due to the built-in hard-coding of its ssid
#>

<# Accessing WinRM cross-domain
$adminUser="kimconnect.net\baloo"
$remoteSherver="SHEVER009.kimconnect.net"
enter-pssession $remoteSherver -Credential $adminUser
#>

Leave a Reply

Your email address will not be published. Required fields are marked *