Fix security constraints on windows machines

Due to a security update - windows has enabled security restrictions blocking WinRM basic authentication and unencrypted traffic 
and also changes the password requirements to require longer passwords.
This change fixes both
This commit is contained in:
Omri Siri 2019-09-18 12:14:36 +03:00 committed by GitHub
parent 577a34b1c3
commit 562f920336
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 2 deletions

View File

@ -372,7 +372,7 @@ for more info about what's going on behind the scenes here.
```powershell ```powershell
<powershell> <powershell>
# Set administrator password # Set administrator password
net user Administrator SuperS3cr3t! net user Administrator SuperS3cr3t!!!!
wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE
# First, make sure WinRM can't be connected to # First, make sure WinRM can't be connected to
@ -382,6 +382,14 @@ netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" n
winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null
winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null
# Disable group policies which block basic authentication and unencrypted login
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client -Name AllowBasic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client -Name AllowUnencryptedTraffic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowBasic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowUnencryptedTraffic -Value 1
# Create a new WinRM listener and configure # Create a new WinRM listener and configure
winrm create winrm/config/listener?Address=*+Transport=HTTP winrm create winrm/config/listener?Address=*+Transport=HTTP
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}' winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}'
@ -512,7 +520,7 @@ customize and control the build process:
"user_data_file": "./bootstrap_win.txt", "user_data_file": "./bootstrap_win.txt",
"communicator": "winrm", "communicator": "winrm",
"winrm_username": "Administrator", "winrm_username": "Administrator",
"winrm_password": "SuperS3cr3t!" "winrm_password": "SuperS3cr3t!!!!"
} }
], ],
"provisioners": [ "provisioners": [