I have been writing a few PowerShell scripts in our work domain secured environment, all work fine with kerberos security. I’m trying to look to modify these on my laptop which is in domain, and to test execute these on VMs in my homelab which are not members of the domain.
With a view to enable basic authentication on the target machine I ran
It returns to say Unencryted traffic is currently disabled in the client configuration as per Remote Error.jpg
I’m quite new to Powershell so I’m probably missing something obvious, for background target is Windows 2012 R2 so Windows Management Framework 4 and remote sending is Windows 7 with Windows Management Framework 4 installed.
So, there’s a differences between the application-level encryption and the HTTPS channel. If the goal is to use Basic authentication, WinRM wants you to use HTTPS. That means you have to set up a listener for HTTPS, and specify -UseSSL when running the command. That has nothing to do with the “allow unencrypted” though.
The goal is to have a simple solution no real preference, my thought was configuring the client to enable Basic authentication over a non-SSL connection. On re-reading what I had put I realized I had missed forcing New-PSSession to use Basic authentication.
I still get the same “Unencrypted traffic is currently disabled in the client configuration.” I wonder if from what you have put that Basic authentication cannot work over non-SSL and while the client is enabled for unencrypted traffic the message really relates to unencrypted traffic not being allowed with basic authentication.
You can do hat you want - you need to add the target computer to the local computer’s TrustedHosts list, and provide a credential. Otherwise it wants SSL. It isn’t so much about encryption as it is about mutual authentication.