Setup
Mid Server Configuration
Much of this is set by default, but here are the settings that work.
Windows Configuration needed
Adding trusted host for WinRM.
PS C:\Windows\system32> winrm s winrm/config/client '@{TrustedHosts="spinup-0005a2.yu.yale.edu,172.17.172.207,spinup-0005a8.yu.yale.edu,172.17.172.247"}'
Ran into some issues with reverse DNS lookup. Might need some more investigation.
Run Results
ECC Queue
One thing that's a bit confusing here is that we see WMI being invoked. This isn't actually remote WMI, which we'll get into below.
High Level Process
Wireshark
Shows WinRM port 5985 and only 5985 being used.
PowerShell log
The PowerShell log is further evidence that PowerShell is invoking the Get-WmiObject cmdlet rather than remote WMI:
PS>CommandInvocation(Get-WmiObject): "Get-WmiObject"
>> ParameterBinding(Get-WmiObject): name="Class"; value="Win32_ComputerSystem"
Domain : yu.yale.edu
Manufacturer : RDO
Model : OpenStack Compute
Name : SPINUP-0005A8
PrimaryOwnerName : Windows User
TotalPhysicalMemory : 8589373440
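An added example, not part of the original notes: a Python parser for transcript lines in the format shown above. It lists which WMI classes discovery queried on the target and flags any outside an expected baseline. The baseline, the function names, and every sample line after the first three are constructed assumptions.

```python
import re

# Record formats taken from the transcript excerpt above.
INVOCATION = re.compile(r'^(?:PS>)?CommandInvocation\(([^)]+)\):')
BINDING = re.compile(
    r'^(?:>>\s*)?ParameterBinding\(([^)]+)\):\s*name="([^"]*)";\s*value="([^"]*)"')

# Cmdlets that query WMI/CIM on the host where they run.
WMI_CMDLETS = {"get-wmiobject", "get-ciminstance"}

def parse_invocations(lines):
    """Return [(cmdlet, {param: value}), ...] in transcript order."""
    calls = []
    for raw in lines:
        line = raw.strip()
        m = INVOCATION.match(line)
        if m:
            calls.append((m.group(1), {}))
            continue
        m = BINDING.match(line)
        # Attach a binding only to the latest invocation of the same cmdlet.
        if m and calls and calls[-1][0].lower() == m.group(1).lower():
            calls[-1][1][m.group(2)] = m.group(3)
    return calls

def wmi_classes(calls):
    """WMI classes requested, in first-seen order, without duplicates."""
    classes = []
    for cmd, params in calls:
        if cmd.lower() in WMI_CMDLETS:
            # -Class (Get-WmiObject) or -ClassName (Get-CimInstance)
            cls = params.get("Class") or params.get("ClassName") or "<unspecified>"
            if cls not in classes:
                classes.append(cls)
    return classes

def outside_baseline(calls, baseline):
    """Classes queried that are not in the expected discovery baseline."""
    allowed = {c.lower() for c in baseline}
    return [c for c in wmi_classes(calls) if c.lower() not in allowed]

# First three lines come from the log above; the rest are constructed sample input.
SAMPLE = '''PS>CommandInvocation(Get-WmiObject): "Get-WmiObject"
>> ParameterBinding(Get-WmiObject): name="Class"; value="Win32_ComputerSystem"
Domain : yu.yale.edu
PS>CommandInvocation(Get-WmiObject): "Get-WmiObject"
>> ParameterBinding(Get-WmiObject): name="Class"; value="Win32_Process"
PS>CommandInvocation(Out-String): "Out-String"
>> ParameterBinding(Out-String): name="Width"; value="200"
'''.splitlines()
```

Calling `outside_baseline(parse_invocations(SAMPLE), ["Win32_ComputerSystem"])` returns the classes that were queried but are missing from the baseline, which is the list to review.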
Without local admin
Work in progress...