Hello,
My Goal:
On this test machine (non-domain), I want to restrict the WinRM listener (itself) to only listen for specific client IP addresses or a client IP address range. I don’t want to attempt to control WinRM traffic via GPO/FW, I want to control WinRM traffic via the listener itself.
My problem:
The command I used to create the listener is shown below (the IP I used in “IP:xxx.xxx.xxx.xxxx” is the IP of the public interface (front net)). The resulting listener configuration then contains the public IP as the listener Address as well as the ListenOn address. I would appreciate it if someone can explain what the “Address” field and “ListenOn” field mean and how I can ensure that WinRM is listening on a specific interface on the target server and listening for specific client (requesting) IPs.
New-WSManInstance winrm/config/Listener -SelectorSet @{Address="IP:xxx.xxx.xxx.xxxx";Transport="HTTPS"} -ValueSet @{HostName='xxxxxxxxxxxx.xxxxxxxxxxx.xxxx';CertificateThumbprint='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'}
Check listener configuration:
PS C:\scripts> winrm e winrm/config/listener
Listener
    Address = IP:xxx.xxx.xxx.xxxx
    Transport = HTTPS
    Port = xxxx
    Hostname = xxxxxxxxxxxx.xxxxxxxxxxx.xxxx
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    ListeningOn = xxx.xxx.xxx.xxxx
Thanks in advance!
Jason