我一直在努力应对winrm和TrustedHosts,但无济于事.经过一些实验,我发现winrm / config / client的这个字段限制为多达1023个符号,这是不够的,特别是如果他们的ipv6添加主机.
我引用 Installation and Configuration for Windows Remote Management:当无法建立相互身份验证时,应设置可信主机列表.
我引用 Installation and Configuration for Windows Remote Management:当无法建立相互身份验证时,应设置可信主机列表.
文本也在同一文件中说明:工作组中的其他计算机或不同域中的计算机应添加到此列表中.所以我认为这意味着只要两台计算机在同一个域中,我就可以使用winrm从另一台计算机中访问其中一台.
我试图将两台计算机添加到测试域并执行:
winrm get winrm/config/client -r:192.168.100.1 -u:user -p:pass
WSManFault
Message = The WinRM client cannot process the request. If the authentication
scheme is different from Kerberos,or if the client computer is not joined to a
domain,then HTTPS transport must be used or the destination machine must be ad
ded to the TrustedHosts configuration setting. Use winrm.cmd to configure Truste
dHosts. You can get more information about that by running the following command
: winrm help config.
Error number: -2144108316 0x803380E4
The WinRM client cannot process the request. If the authentication scheme is dif
ferent from Kerberos,or if the client computer is not joined to a domain,then
HTTPS transport must be used or the destination machine must be added to the Tru
stedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. You ca
n get more information about that by running the following command: winrm help c
onfig.
将192.168.100.1添加到TrustedHosts后,上面的查询成功.所以我的问题是:是否可以在两台主机之间使用winrm而无需修改TrustedHosts?将可信主机设置为*不是我的选择.
