首页
酷软
游戏
媒体
- 电影
- 剧集
- 动画
- 记录
- 综艺
- MV
- 有声世界
云资源
源码
更多
- 文库
- 系统
- web
- 站长帮
- 玩电脑
- 玩游戏
- 玩手机
- 涨姿势
- 玩软件
- 云图志
- 看漫画
- 微读书
- PS玩家
- 网文网语
- 硬件数码
- 编程开发
- 神秘之旅
- 福利线报
- 商业资源
- 网赚相关
- 健康加油站
赞助专区
云盘专区
资源阁
缘聚岛
BT种子库

[玩转系统] 禁用 PSRemoting (Microsoft.PowerShell.Core)

作者：精品下载站日期：2024-12-14 02:16:49 浏览：15 分类：玩电脑

禁用 PSRemoting (Microsoft.PowerShell.Core)

禁用-PSRemoting

模块：Microsoft.PowerShell.Core

阻止 PowerShell 端点接收远程连接。

句法

Disable-PSRemoting
       [-Force]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

描述

此 cmdlet 仅适用于 Windows 平台。

Disable-PSRemoting cmdlet 会阻止远程访问本地计算机上的所有 PowerShell 版本 6 和更高版本的会话端点配置。它不会影响 Windows PowerShell 端点配置。要禁用 Windows PowerShell 会话端点配置，请从 Windows PowerShell 会话中运行 Disable-PSRemoting 命令。

要重新启用对所有 PowerShell 版本 6 和更高版本的会话端点配置的远程访问，请使用 Enable-PSRemoting cmdlet。要重新启用对所有 Windows PowerShell 会话终结点配置的远程访问，请从 Windows PowerShell 会话中运行 Enable-PSRemoting。

笔记

如果要禁用对本地 Windows 计算机的所有 PowerShell 远程访问，则必须从 PowerShell 版本 6 或更高版本会话内以及 Windows PowerShell 会话内运行此命令。默认情况下，Windows PowerShell 安装在所有 Windows 计算机上。

要禁用和重新启用对特定会话端点配置的远程访问，请使用 Enable-PSSessionConfiguration 和 Disable-PSSessionConfiguration cmdlet。要设置各个端点的特定访问配置，请使用 Set-PSSessionConfiguration cmdlet 以及 AccessMode 参数。有关会话配置的更多信息，请参阅 about_Session_Configurations。

笔记

即使运行 Disable-PSRemoting 后，您仍然可以在本地计算机上建立环回连接。环回连接是源自同一本地计算机并连接到同一本地计算机的 PowerShell 远程会话。来自外部源的远程会话仍被阻止。对于环回连接，您必须在 EnableNetworkAccess 参数中使用隐式凭据。有关环回连接的更多信息，请参阅New-PSSession。

此 cmdlet 仅在 Windows 平台上可用。它在 Linux 或 macOS 版本的 PowerShell 上不可用。要运行此 cmdlet，请使用以管理员身份运行选项启动 PowerShell。

示例

示例 1：防止远程访问所有 PowerShell 会话配置

此示例阻止远程访问计算机上的所有 PowerShell 会话端点配置。

Disable-PSRemoting

WARNING: PowerShell remoting has been disabled only for PowerShell 6+ configurations and does not affect
 Windows PowerShell remoting configurations. Run this cmdlet in Windows PowerShell to affect all PowerShell
 remoting configurations.

WARNING: Disabling the session configurations does not undo all the changes made by the Enable-PSRemoting
 or Enable-PSSessionConfiguration cmdlet. You might have to manually undo the changes by following these steps:
    1. Stop and disable the WinRM service.
    2. Delete the listener that accepts requests on any IP address.
    3. Disable the firewall exceptions for WS-Management communications.
    4. Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to
       members of the Administrators group on the computer.

示例 2：在没有确认提示的情况下阻止远程访问所有 PowerShell 会话配置

此示例阻止在没有提示的情况下远程访问计算机上的所有 PowerShell 会话端点配置。

Disable-PSRemoting -Force

WARNING: PowerShell remoting has been disabled only for PowerShell 6+ configurations and does not affect
 Windows PowerShell remoting configurations. Run this cmdlet in Windows PowerShell to affect all PowerShell
 remoting configurations.

WARNING: Disabling the session configurations does not undo all the changes made by the Enable-PSRemoting
 or Enable-PSSessionConfiguration cmdlet. You might have to manually undo the changes by following these steps:
    1. Stop and disable the WinRM service.
    2. Delete the listener that accepts requests on any IP address.
    3. Disable the firewall exceptions for WS-Management communications.
    4. Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to
       members of the Administrators group on the computer.

示例 3：运行此 cmdlet 的效果

此示例显示使用 Disable-PSRemoting cmdlet 的效果。要运行此命令序列，请使用以管理员身份运行选项启动 PowerShell。

禁用会话配置后，New-PSSession cmdlet 尝试创建到本地计算机的远程会话（也称为“环回”）。由于本地计算机上禁用了远程访问，因此该命令失败。

Disable-PSRemoting -Force
New-PSSession -ComputerName localhost -ConfigurationName PowerShell.6

WARNING: Disabling the session configurations does not undo all the changes made by the Enable-PSRemoting
 or Enable-PSSessionConfiguration cmdlet. You might have to manually undo the changes by following these steps:
    1. Stop and disable the WinRM service.
    2. Delete the listener that accepts requests on any IP address.
    3. Disable the firewall exceptions for WS-Management communications.
    4. Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to
       members of the Administrators group on the computer.

New-PSSession : [localhost] Connecting to remote server localhost failed with the following error
 message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ComputerName localhost -ConfigurationName PowerShell.6
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : OpenError: (System.Management.A\u2026tion.RemoteRunspace:RemoteRunspace)
 [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed

示例 4：运行此 cmdlet 和 Enable-PSRemoting 的效果

此示例显示使用 Disable-PSRemoting 和 Enable-PSRemoting cmdlet 对会话配置的影响。

Disable-PSRemoting 用于禁用对所有 PowerShell 会话端点配置的远程访问。 Force 参数会抑制所有用户提示。 Get-PSSessionConfiguration 和 Format-Table cmdlet 显示计算机上的会话配置。

输出显示所有具有网络令牌的远程用户都被拒绝访问端点配置。只要本地计算机上的管理员组进行本地连接（也称为环回）并使用隐式凭据，就可以访问端点配置。

Disable-PSRemoting -Force
Get-PSSessionConfiguration | Format-Table -Property Name, Permission -AutoSize

Enable-PSRemoting -Force
Get-PSSessionConfiguration | Format-Table -Property Name, Permission -AutoSize

Name               Permission
----               ----------
PowerShell.6       NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed ...
PowerShell.6.2.0   NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed ...

Name               Permission
----               ----------
PowerShell.6       NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed ...
PowerShell.6.2.0   NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed ...

Enable-PSRemoting cmdlet 重新启用对计算机上所有 PowerShell 会话端点配置的远程访问。 Force 参数会抑制所有用户提示并在不提示的情况下重新启动 WinRM 服务。新输出显示 AccessDenied 安全描述符已从所有会话配置中删除。

示例 5：具有禁用会话端点配置的环回连接

此示例演示如何禁用端点配置，并展示如何成功建立与禁用端点的环回连接。 Disable-PSRemoting 禁用所有 PowerShell 会话端点配置。

Disable-PSRemoting -Force

WARNING: PowerShell remoting has been disabled only for PowerShell 6+ configurations and does not affect
 Windows PowerShell remoting configurations. Run this cmdlet in Windows PowerShell to affect all PowerShell
 remoting configurations.

WARNING: Disabling the session configurations does not undo all the changes made by the Enable-PSRemoting
 or Enable-PSSessionConfiguration cmdlet. You might have to manually undo the changes by following these steps:
    1. Stop and disable the WinRM service.
    2. Delete the listener that accepts requests on any IP address.
    3. Disable the firewall exceptions for WS-Management communications.
    4. Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to
       members of the Administrators group on the computer.

New-PSSession -ComputerName localhost -ConfigurationName powershell.6 -Credential (Get-Credential)

PowerShell credential request
Enter your credentials.
User: UserName
Password for user UserName: ************

New-PSSession: [localhost] Connecting to remote server localhost failed with the following error message
 : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.

New-PSSession -ComputerName localhost -ConfigurationName powershell.6 -EnableNetworkAccess

Id Name       Transport ComputerName  ComputerType   State   ConfigurationName   Availability
 -- ----       --------- ------------  ------------   -----   -----------------   ------------
 1  Runspace1  WSMan     localhost     RemoteMachine  Opened  powershell.6           Available

第一次使用 New-PSSession 尝试创建到本地计算机的远程会话。 ConfigurationName 参数用于指定禁用的 PowerShell 端点。凭据通过 Credential 参数显式传递给命令。这种类型的连接通过网络堆栈并且不是环回。因此，与禁用端点的连接尝试失败，并出现访问被拒绝错误。

第二次使用 New-PSSession 还尝试创建到本地计算机的远程会话。在本例中，它会成功，因为它是绕过网络堆栈的环回连接。

当满足以下条件时，将创建环回连接：

要连接的计算机名称是“localhost”。
不传入任何凭据。当前登录的用户（隐式凭据）用于连接。
使用EnableNetworkAccess开关参数。

有关环回连接的更多信息，请参阅 New-PSSession 文档。

示例 6：禁用所有 PowerShell 远程处理端点配置

此示例演示了运行 Disable-PSRemoting 命令如何不会影响 Windows PowerShell 端点配置。在 Windows PowerShell 中运行的 Get-PSSessionConfiguration 显示所有端点配置。我们看到 Windows PowerShell 端点配置未禁用。

Disable-PSRemoting -Force
powershell.exe -command 'Get-PSSessionConfiguration'

WARNING: PowerShell remoting has been disabled only for PowerShell 6+ configurations and does not affect
 Windows PowerShell remoting configurations. Run this cmdlet in Windows PowerShell to affect all PowerShell
 remoting configurations.

WARNING: Disabling the session configurations does not undo all the changes made by the Enable-PSRemoting
 or Enable-PSSessionConfiguration cmdlet. You might have to manually undo the changes by following these steps:
    1. Stop and disable the WinRM service.
    2. Delete the listener that accepts requests on any IP address.
    3. Disable the firewall exceptions for WS-Management communications.
    4. Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to
       members of the Administrators group on the computer.

Name          : microsoft.powershell
PSVersion     : 5.1
StartupScript :
RunAsUser     :
Permission    : NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, BUILTIN\Remote
                Management Users AccessAllowed

Name          : microsoft.powershell.workflow
PSVersion     : 5.1
StartupScript :
RunAsUser     :
Permission    : BUILTIN\Administrators AccessAllowed, BUILTIN\Remote Management Users AccessAllowed

Name          : microsoft.powershell32
PSVersion     : 5.1
StartupScript :
RunAsUser     :
Permission    : NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, BUILTIN\Remote
                Management Users AccessAllowed

Name          : PowerShell.6
PSVersion     : 6.2
StartupScript :
RunAsUser     :
Permission    : NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators
                AccessAllowed, BUILTIN\Remote Management Users AccessAllowed

Name          : PowerShell.6.2.2
PSVersion     : 6.2
StartupScript :
RunAsUser     :
Permission    : NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators
                AccessAllowed, BUILTIN\Remote Management Users AccessAllowed

powershell.exe -command 'Disable-PSRemoting -Force'
powershell.exe -command 'Get-PSSessionConfiguration'

WARNING: Disabling the session configurations does not undo all the changes made by the Enable-PSRemoting or
Enable-PSSessionConfiguration cmdlet. You might have to manually undo the changes by following these steps:
    1. Stop and disable the WinRM service.
    2. Delete the listener that accepts requests on any IP address.
    3. Disable the firewall exceptions for WS-Management communications.
    4. Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to members of the
Administrators group on the computer.

Name          : microsoft.powershell
PSVersion     : 5.1
StartupScript :
RunAsUser     :
Permission    : NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators
                AccessAllowed, BUILTIN\Remote Management Users AccessAllowed

Name          : microsoft.powershell.workflow
PSVersion     : 5.1
StartupScript :
RunAsUser     :
Permission    : NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed, BUILTIN\Remote Management
                Users AccessAllowed

Name          : microsoft.powershell32
PSVersion     : 5.1
StartupScript :
RunAsUser     :
Permission    : NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators
                AccessAllowed, BUILTIN\Remote Management Users AccessAllowed

Name          : PowerShell.6
PSVersion     : 6.2
StartupScript :
RunAsUser     :
Permission    : NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators
                AccessAllowed, BUILTIN\Remote Management Users AccessAllowed

Name          : PowerShell.6.2.2
PSVersion     : 6.2
StartupScript :
RunAsUser     :
Permission    : NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators
                AccessAllowed, BUILTIN\Remote Management Users AccessAllowed

要禁用这些终结点配置，必须从 Windows PowerShell 会话中运行 Disable-PSRemoting 命令。现在，从 Windows PowerShell 中运行的 Get-PSSessionConfiguration 显示所有端点配置均已禁用。

示例 7：防止远程访问具有自定义安全描述符的会话配置

此示例演示 Disable-PSRemoting cmdlet 禁用对所有会话配置（包括具有自定义安全描述符的会话配置）的远程访问。

Register-PSSessionConfiguration 创建测试会话配置。 FilePath 参数指定自定义会话的会话配置文件。 ShowSecurityDescriptorUI 参数显示一个对话框，用于设置会话配置的权限。在“权限”对话框中，我们为指定用户创建自定义完全访问权限。

Get-PSSessionConfiguration 和 Format-Table cmdlet 显示会话配置及其属性。输出显示测试会话配置允许指定用户进行交互式访问和特殊权限。

Disable-PSRemoting 禁用对所有会话配置的远程访问。

Register-PSSessionConfiguration -Name Test -FilePath .\TestEndpoint.pssc -ShowSecurityDescriptorUI -Force
Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Wrap

Disable-PSRemoting -Force
Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Wrap
New-PSSession -ComputerName localhost -ConfigurationName Test

Name               Permission
----               ----------
PowerShell.6       NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed,
                   BUILTIN\Remote Management Users AccessAllowed
PowerShell.6.2.0   NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed,
                   BUILTIN\Remote Management Users AccessAllowed
Test               NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed,
                   User01 AccessAllowed

WARNING: Disabling the session configurations does not undo all the changes made by the Enable-PSRemoting
 or Enable-PSSessionConfiguration cmdlet. You might have to manually undo the changes by following these steps:
    1. Stop and disable the WinRM service.
    2. Delete the listener that accepts requests on any IP address.
    3. Disable the firewall exceptions for WS-Management communications.
    4. Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to
       members of the Administrators group on the computer.

Name               Permission
----               ----------
PowerShell.6       NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed,
                   BUILTIN\Administrators AccessAllowed, BUILTIN\Remote Management Users AccessAllowed
PowerShell.6.2.0   NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed,
                   BUILTIN\Administrators AccessAllowed, BUILTIN\Remote Management Users AccessAllowed
Test               NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed,
                   BUILTIN\Administrators AccessAllowed, User01 AccessAllowed

New-PSSession : [localhost] Connecting to remote server localhost failed with the following error message
 : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ComputerName localhost -ConfigurationName Test
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : OpenError: (System.Management.A\u2026tion.RemoteRunspace:RemoteRunspace)
 [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed

现在，Get-PSSessionConfiguration 和 Format-Table cmdlet 显示所有网络用户的 AccessDenied 安全描述符已添加到所有会话配置中，包括测试会话配置。尽管其他安全描述符未更改，但“network_deny_all”安全描述符优先。通过尝试使用 New-PSSession 连接到 Test 会话配置来说明这一点。

示例 8：重新启用对选定会话配置的远程访问

此示例演示如何仅重新启用对选定会话配置的远程访问。禁用所有会话配置后，我们重新启用特定会话。

Set-PSSessionConfiguration cmdlet 用于更改 PowerShell.6 会话配置。值为 Remote 的 AccessMode 参数重新启用对配置的远程访问。

Disable-PSRemoting -Force
Get-PSSessionConfiguration | Format-Table -Property Name, Permission -AutoSize

Set-PSSessionConfiguration -Name PowerShell.6 -AccessMode Remote -Force
Get-PSSessionConfiguration | Format-Table -Property Name, Permission -AutoSize

WARNING: Disabling the session configurations does not undo all the changes made by the Enable-PSRemoting
 or Enable-PSSessionConfiguration cmdlet. You might have to manually undo the changes by following these steps:
    1. Stop and disable the WinRM service.
    2. Delete the listener that accepts requests on any IP address.
    3. Disable the firewall exceptions for WS-Management communications.
    4. Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to
       members of the Administrators group on the computer.

Name                 Permission
----                 ----------
PowerShell.6         NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Adm ...
PowerShell.6.2.0     NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Adm ...

Name                 Permission
----                 ----------
PowerShell.6         NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, BUILTIN\ ...
PowerShell.6.2.0     NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Adm ...

参数

-Confirm

在运行 cmdlet 之前提示您进行确认。

类型：

SwitchParameter

别名：

位置：

命名

默认值：

False

必需的：

False

接受管道输入：

False

接受通配符：

False

-Force

强制运行命令而不要求用户确认。

类型：

SwitchParameter

位置：

命名

默认值：

None

必需的：

False

接受管道输入：

False

接受通配符：

False

-WhatIf

显示 cmdlet 运行时会发生什么情况。该 cmdlet 未运行。

类型：

SwitchParameter

别名：

位置：

命名

默认值：

False

必需的：

False

接受管道输入：

False

接受通配符：

False

输入

无

您无法将对象通过管道传输到此 cmdlet。

输出

无

此 cmdlet 不返回任何输出。

笔记

此 cmdlet 仅适用于 Windows 平台。

禁用会话配置不会撤消 Enable-PSRemoting 或 Enable-PSSessionConfiguration cmdlet 所做的所有更改。您可能必须手动撤消以下更改。
1. 停止并禁用 WinRM 服务。
删除接受任何 IP 地址请求的侦听器。
禁用 WS-Management 通信的防火墙例外。
将 LocalAccountTokenFilterPolicy 的值恢复为 0，这将限制计算机上管理员组成员的远程访问。
会话端点配置是定义会话环境的一组设置。连接到计算机的每个会话都必须使用在计算机上注册的会话终结点配置之一。通过拒绝对所有会话端点配置的远程访问，您可以有效地防止远程用户建立连接到计算机的会话。