Commit

Merge pull request #1783 from azooinmyluggage/patch-7
Updated WinRM section and removed the table at the bottom
mvvsubbu committed May 24, 2016
2 parents ed3f5d8 + 0ce36b6 commit ab45cca
Showing 1 changed file with 16 additions and 16 deletions.
32 changes: 16 additions & 16 deletions Tasks/PowerShellOnTargetMachines/README.md
Expand Up @@ -3,6 +3,21 @@
### Overview
The task is used run PowerShell on the target machines. The task can run both PowerShell scripts and PowerShell-DSC scripts. For PowerShell scripts, PowerShell 2.0 is needed on the machines and for PowerShell-DSC scripts [Windows Management Framework 4.0](https://www.microsoft.com/en-in/download/details.aspx?id=40855&40ddd5bd-f9e7-49a6-3526-f86656931a02=True) needs to be installed on the machines. WMF 4.0 ships in-the-box in Windows 8.1 and Windows Server 20012 R2.

###WinRM setup
This task uses the [Windows Remote Management](https://msdn.microsoft.com/en-us/library/aa384426.aspx) (WinRM) to access domain-joined or workgroup, on-premises physical or virtual machines.

#### Windows Remote Management (WinRM) Setup for On-premises Physical or Virtual Machines
To easily **setup WinRM** on the **host machines** follow the directions for [domain-joined machines](https://www.visualstudio.com/en-us/docs/release/examples/other-servers/net-to-vm) or the [workgroup machines](https://www.visualstudio.com/en-us/docs/release/examples/other-servers/net-to-workgroup-vm).

#### Windows Remote Management (WinRM) Setup for Azure Virtual Machines
Azure virtual machines only work with the WinRM HTTPS protocol. With the WinRM protocol selected as HTTPS, you have an option to use the Test Certificate. Selecting the Test Certificate option means that the certificate is a self-signed certificate, and the automation agent will skip validating the authenticity of the machine's certificate from a trusted certification authority.

- **Classic Virtual machines:** When creating [classic virtual machine](https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-windows-tutorial-classic-portal/) from the [new Azure portal](https://portal.azure.com/) or the [classic Azure portal](https://manage.windowsazure.com/), the virtual machine is already setup for WinRM HTTPS, with the default port 5986 already open in Firewall, and a self-signed certificate installed on the machine. These virtual machines can be directly added to the WinRM. The existing [classic virtual machine](https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-windows-tutorial-classic-portal/) can be also selected by using the [Azure Resource Group Deployment task](https://github.com/Microsoft/vso-agent-tasks/tree/master/Tasks/DeployAzureResourceGroup).

- **Azure Resource Group:** If an [Azure resource group](https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-windows-hero-tutorial/) has been created in the [new Azure portal](https://portal.azure.com/), then it needs to be setup for the WinRM HTTPS protocol (WinRM HTTPS, with the default port 5986 already open in Firewall, and a self-signed certificate installed on the machine).

To dynamically deploy Azure resource groups with virtual machines in them use the [Azure Resource Group Deployment task](https://github.com/Microsoft/vso-agent-tasks/tree/master/Tasks/DeployAzureResourceGroup). The task has a checkbox titled - **Enable Deployment Pre-requisites**. Select this option to setup the WinRM HTTPS protocol on the virtual machines, and to open the 5986 port in the Firewall, and to install the test certificate. After this the virtual machines are ready for use in the deployment task.

###The different parameters of the task are explained below:

* **Machines**: Specify comma separated list of machine FQDNs/ip addresses along with port(optional). For example dbserver.fabrikam.com, dbserver_int.fabrikam.com:5986,192.168.34:5986. Port when not specified will be defaulted to WinRM defaults based on the specified protocol. i.e., (For *WinRM 2.0*): The default HTTP port is 5985, and the default HTTPS port is 5986. Machines field also accepts 'Machine Groups' defined under 'Test' hub, 'Machines' tab.
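
Review bot: The Test Certificate paragraph under "Windows Remote Management (WinRM) Setup for Azure Virtual Machines" says the automation agent will skip validating the machine's certificate, but gives no guidance on when that is acceptable. With validation skipped, the agent cannot distinguish the target machine from another host on the network path, so the session and the credentials used for it can be intercepted; suggest adding a sentence that the option is meant for test environments and that production machines should present a certificate issued by a CA the agent trusts. In the "Azure Resource Group" bullet, the parenthetical "with the default port 5986 already open in Firewall" reads as copied from the Classic bullet and contradicts "needs to be setup"; reword it as the list of things that have to be configured. The heading "###WinRM setup" is also missing the space after the hashes that "### Overview" has.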
Expand All @@ -17,21 +32,6 @@ The task is used run PowerShell on the target machines. The task can run both Po
* **Advanced Options**: The advanced options provide more fine-grained control on the deployment.
* **Run PowerShell in Parallel**: Checking this option will execute the PowerShell in-parallel on all VMs in the Resource Group.


### Machine Pre-requisites for the Task :


| S.NO | Target Machine State | Target Machine trust with Automation agent | Machine Identity | Authentication Account | Authentication Mode | Authentication Account permission on Target Machine | Connection Type | Pre-requisites in Target machine for Deployment Task to succeed |
|------|------------------------------------------------------------|--------------------------------------------|------------------|------------------------|---------------------|-----------------------------------------------------|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 | Domain joined machine in Corp network | Trusted | DNS name | Domain account | Kerberos | Machine Administrator | WinRM HTTP | <ul><li>WinRM HTTP port (default 5985) opened in Firewall.</li></ul> |
| 2 | Domain joined machine in Corp network | Trusted | DNS name | Domain account | Kerberos | Machine Administrator | WinRM HTTPS | <ul><li>WinRM HTTPS port (default 5986) opened in Firewall.</li><li>Trusted certificate in Automation agent.</li><li>If Trusted certificate not in Automation agent then Test certificate option enabled in Task for deployment.</li></ul> |
| 3 | Domain joined machine,or Workgroup machine in Corp network | Any | DNS name | Local machine account | NTLM | Machine Administrator | WinRM HTTP | <ul><li>WinRM HTTP port (default 5985) opened in Firewall.</li><li>Disable UAC remote restrictions<a href="https://support.microsoft.com/en-us/kb/951016">(link)</a></li><li>Credential in <MachineName>\<Account> format.</li><li>Set "AllowUnencrypted" option and add remote machines in "Trusted Host" list in Automation Agent<a href="https://msdn.microsoft.com/en-us/library/aa384372(v=vs.85).aspx">(link)</a></li></ul> |
| 4 | Domain joined machine or Workgroup machine,in Corp network | Any | DNS name | Local machine account | NTLM | Machine Administrator | WinRM HTTPS | <ul><li>WinRM HTTPS port (default 5986) opened in Firewall.</li><li>Disable UAC remote restrictions<a href="https://support.microsoft.com/en-us/kb/951016">(link)</a></li><li>Credential in <MachineName>\<Account> format.</li><li>Trusted certificate in Automation agent.</li><li>If Trusted certificate not in Automation agent then Test Certificate option enabled in Task for deployment.</li></ul> |
| 5 | Workgroup machine in Azure | Un Trusted | DNS name | Local machine account | NTLM | Machine Administrator | WinRM HTTP | <ul><li>WinRM HTTP port (default 5985) opened in Firewall.</li><li>Disable UAC remote restrictions<a href="https://support.microsoft.com/en-us/kb/951016">(link)</a></li><li>Credential in <MachineName>\<Account> format.</li><li>Set "AllowUnencrypted" option and add remote machines in "Trusted Host" list in Automation Agent<a href="https://msdn.microsoft.com/en-us/library/aa384372(v=vs.85).aspx">(link)</a></li></ul> |
| 6 | Workgroup machine in Azure | Un Trusted | DNS name | Local machine account | NTLM | Machine Administrator | WinRM HTTPS | <ul><li>WinRM HTTPS port (default 5986) opened in Firewall.</li><li>Disable UAC remote restrictions<a href="https://support.microsoft.com/en-us/kb/951016">(link)</a></li><li>Credential in <MachineName>\<Account> format.</li><li>Trusted certificate in Automation agent.</li><li>If Trusted certificate not in Automation agent then Test Certificate option enabled in Task for deployment.</li></ul> |
| 7 | Any | Any | IP address | Any | NTLM | Machine Administrator | WinRM HTTP | <ul><li>WinRM HTTP port (default 5985) opened in Firewall.</li><li>Disable UAC remote restrictions<a href="https://support.microsoft.com/en-us/kb/951016">(link)</a></li><li>Credential in <MachineName>\<Account> format.</li><li>Set "AllowUnencrypted" option and add remote machines in "Trusted Host" list in Automation Agent<a href="https://msdn.microsoft.com/en-us/library/aa384372(v=vs.85).aspx">(link)</a></li></ul> |
| 8 | Any | Any | IP address | Any | NTLM | Machine Administrator | WinRM HTTPS | <ul><li>WinRM HTTPS port (default 5986) opened in Firewall.</li><li>Disable UAC remote restrictions<a href="https://support.microsoft.com/en-us/kb/951016">(link)</a></li><li>Credential in <MachineName>\<Account> format.</li><li>Trusted certificate in Automation agent.</li><li>If Trusted certificate not in Automation agent then Test Certificate option enabled in Task for deployment.</li></ul> |

### Known Issues :

Write-Host command is not supported in PowerShell script.
Write-Host command is not supported in PowerShell script.
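
Review bot: Removing the "Machine Pre-requisites for the Task" table drops requirements that the new WinRM setup section does not restate: the table rows list disabling UAC remote restrictions, the MachineName\Account credential format for local accounts, and, for WinRM HTTP with NTLM, setting "AllowUnencrypted" and adding the remote machines to the "Trusted Host" list on the automation agent. The replacement text only links to external setup pages, so readers of this README no longer see which connection types depend on unencrypted transport or a relaxed host trust list; suggest keeping a short list of these prerequisites in the README, or confirming that the linked pages cover them and saying so. The "Write-Host command is not supported in PowerShell script." line appears twice with identical text, which looks like a whitespace or end-of-file newline change; please confirm that is intended.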
