Thursday, 26 March 2015

PowerShell / Windows - Security best practices for enabling Windows Remote Management



As the title indicates, I'm looking for industry best practices for enabling Windows Remote Management on a mix of Windows Servers (from 2000, 2003, 2008/R2 and 2012) to allow PowerShell to execute commands on a remote server.


What are some security best practices to follow to limit the attack surface should an attacker compromise an internal system?


Is there anything that can be done to harden domain servers which have WinRM enabled?


Thinking in theory here, one idea that comes to mind is only allowing WinRM for a specific service account which has two-factor authentication. A normal domain account password and a rolling security token would lower the chances of this account being hijacked in the event of being compromised.




