Enumerate

Get-PSSessionConfiguration

Lists all registered PowerShell session configurations.

winrm get winrm/config

Displays the current WinRM configuration.

winrm get winrm/config/Service

Displays the security configuration for the WinRM service.

winrm get winrm/config/Client

Displays the WinRM client configuration.

Get-WSManInstance winrm/config -Enumerate

Retrieves the current WinRM configuration.

Get-WSManCredSSP

Displays the Credential Security Support Provider (CredSSP) configuration for WinRM, which affects remote authentication.

Get-PSSessionConfiguration | fl *

Lists detailed information about all PowerShell session configurations

Get-Item -Path WSMan:\localhost\Client\TrustedHosts

Lists the hosts trusted by the WinRM client, impacting remote command execution security.

Get-Item -Path WSMan:\localhost\Service\Auth

Shows the authentication methods supported by the WinRM service, indicating security protocols in use.

Get-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)"

Lists firewall rules for WinRM HTTP traffic, impacting network security for remote management.

Get-NetFirewallRule -DisplayName "Remote Desktop - User Mode (TCP-In)"

Lists firewall rules for inbound Remote Desktop Protocol (RDP) connections, affecting RDP security.

Retrieves Remote Desktop Protocol (RDP) security settings using WMI:

Get-WmiObject -Namespace root\cimv2 -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-tcp'"

Retrieves registry settings indicating if unencrypted traffic is allowed for WinRM, affecting security:

Get-ItemProperty HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowUnencryptedTraffic

Queries current network profiles:

Get-ChildItem 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkList\\Profiles'

Last updated 2 years ago