General - Windows Remote Management
A large part of the client management functions are executed via remote PowerShell using WinRM. The clients to be managed must be configured for this.
Information about Windows Remote Management
Configuration on a client to be managed
Command-line call: winrm qc -quiet -transport:http -force
This does the following:
- the WinRM service is started and its startup type is set to automatic
- a "listener" is created to accept incoming connections
- the default port is set to 5985
- a firewall rule is added
For security reasons, the port can be changed with the following command-line call:
winrm set winrm/config/Listener?Address=*+Transport=HTTP @{Port="1234"}
The firewall rule should then be adjusted accordingly for this port.
Signed PowerShell scripts and different domains
If your domain security policies require signed PowerShell scripts, you must customize all scripts within the PS1 directory of the SCCM Manager server installation.
{Installationpath}\PS1\DEFAULT
If you want to manage clients in different domains and the scripts must be signed differently for each domain, proceed as follows:
- Copy the directory "DEFAULT" and rename the copy to the domain name (example: SMCTEAM.DE)
- Sign the scripts within the new script directory accordingly
- Enable the PSEnabledDomainFolderLookup value in the web service configuration.
- If the domain of a client can then be resolved correctly, the matching script directory is used.
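The copy and signing steps above can be scripted as follows. This is an added example, not a script shipped with SCCM Manager; it assumes the scripts are .ps1 files, that a code-signing certificate trusted in the target domain is in the current user's personal certificate store, and the parameter names are hypothetical.

```powershell
# Added example, not part of the SCCM Manager installation.
param(
    [Parameter(Mandatory)] [string] $InstallPath,  # placeholder for {Installationpath}
    [Parameter(Mandatory)] [string] $DomainName,   # directory name, e.g. SMCTEAM.DE
    [string] $Thumbprint                           # optional: select one certificate
)
$ErrorActionPreference = 'Stop'

$ps1Root = Join-Path $InstallPath 'PS1'
$source  = Join-Path $ps1Root 'DEFAULT'
$target  = Join-Path $ps1Root $DomainName

# Step 1: copy DEFAULT to a directory named after the domain.
# Refuse to reuse an existing directory so signed and unsigned copies are never mixed.
if (-not (Test-Path -LiteralPath $source -PathType Container)) { throw "Not found: $source" }
if (Test-Path -LiteralPath $target) { throw "Already exists: $target" }
Copy-Item -LiteralPath $source -Destination $target -Recurse

# Pick a code-signing certificate that has a private key and has not expired.
# Assumption: the certificate is in the current user's personal store.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Where-Object { -not $Thumbprint -or $_.Thumbprint -eq $Thumbprint } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No usable code-signing certificate found in Cert:\CurrentUser\My' }

# Step 2: sign every script in the new directory.
$files = @(Get-ChildItem -LiteralPath $target -Filter *.ps1 -File -Recurse)
foreach ($file in $files) {
    Set-AuthenticodeSignature -FilePath $file.FullName -Certificate $cert `
        -HashAlgorithm SHA256 | Out-Null
}

# Re-read each signature from disk; anything other than 'Valid' would be
# rejected on a client whose execution policy requires signed scripts.
$failed = @($files | ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
    Where-Object { $_.Status -ne 'Valid' })
if ($failed.Count -gt 0) {
    $failed | ForEach-Object { Write-Warning "$($_.Path): $($_.Status)" }
    throw "$($failed.Count) of $($files.Count) scripts do not have a valid signature."
}
"Signed $($files.Count) scripts in $target with certificate $($cert.Thumbprint)"
```

Enabling PSEnabledDomainFolderLookup in the web service configuration remains a separate manual step.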