Why RSAT/PSRemoting better than RDP?


This topic contains 4 replies, has 4 voices, and was last updated by Del (Participant) 1 year, 7 months ago.

  • #68622
    Del

    Participant
    Points: 0
    Rank: Member

    I am having a meeting next week with our security group.
    I asked them to create a GPO to enable PowerShell remoting on our AD computers.

    All of our computers are Windows 7 and above. Thank god we don't have XP.

    GPO Creation
    1. Create your GPO, Name "PSR"
    2. Edit the policy.

    Enabling WinRM
    1. Browse to Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service
    2. Depending on the operating system:
    Server 2008 R2 and later: Open the Allow Remote Server management through WinRM policy setting.
    Server 2008 and earlier: Open the Allow automatic configuration of listeners policy setting.
    3. Set the Policy to Enabled.
    4. Set the IPv4 and IPv6 filters to * unless they need something specific there.

    Setting the Firewall Rules
    1. Browse to Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile
    2. Open the Windows Firewall: Define inbound port exceptions policy setting.
    3. Set it to Enabled if it isn't already.
    4. Click the Show… button and add the port exception. We're going to be opening TCP port 5985, so the exception string will look something like this:
    5. 5985:TCP:*:enabled:WSMan

    But they want to know: why not only use RDP?

    I'd really appreciate it if someone can direct me or attach a link on why PSRemoting and using RSAT is better than RDP.
    I need a technical/security article.

    Thanks Guys

  • #68625

    Participant
    Points: 21
    Rank: Member

    Here's a start.

    https://devopscollective.gitbooks.io/secrets-of-powershell-remoting/content/manuscript/powershell-remoting-and-security.html

    Directly from the same group that brings you this website, more or less.

    Good luck with that discussion, you're doing the right thing.

  • #68656

    Participant
    Points: 21
    Rank: Member

    Sounds like a job I'd leave immediately :) The answer is because this is how we manage servers now.

  • #68706

    Participant
    Points: 0
    Rank: Member

    @Del, we actually use PSRemoting to increase security. When an administrator RDPs into a server you have very limited options in terms of knowing exactly what they are doing (every mouse click) unless you have a screen recorder on everyone's computer. When you have an administrator log into a server via PowerShell, EVERY single action they perform can be recorded/logged.

    See https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html

    You should include the GPO items described in the blog above in your GPO request and target the request as "to increase security" rather than making managing servers easier. As you know, security people only care about security.

    Some things to note: the GPO items in the blog are only available in the Windows 10 ADMX files, which you can install on Windows 2008 R2 DCs. It's standard practice to keep your ADMX files up to date. If your DC admins don't want to update ADMX files then the settings can be enabled via the registry. The servers you are connecting to will also need to be running PowerShell 5.0 or 5.1 (highly recommend 5.1 as 5.0 is pretty buggy and slow).

    https://www.microsoft.com/en-us/download/details.aspx?id=53430

    Here are great blogs from Microsoft about PowerShell security.

    https://blogs.technet.microsoft.com/ashleymcglone/2016/06/29/whos-afraid-of-powershell-security/

    PowerShell ♥ the Blue Team

    Powershell is the most secure scripting language.

    A Comparison of Shell and Scripting Language Security

    Good luck and may the force be with you!
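
A read-only check an administrator could run on a target server to confirm that the logging settings the post above refers to have actually been applied, as an added example that is not part of the original thread. The registry paths are the standard Windows PowerShell policy locations for script block logging, module logging and transcription, not values quoted from the thread or the linked blog, and `Get-PSLoggingPolicy` is a hypothetical function name.

```powershell
# Added example (not from the thread): read-only audit of the PowerShell
# logging policies, engine version and WinRM service on the local machine.
function Get-PSLoggingPolicy {
    [CmdletBinding()]
    param(
        # Policy root; parameterised so the function can be pointed at a test key.
        [string]$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
    )

    # Policy subkey -> DWORD value that must be 1 for the feature to be on.
    $checks = [ordered]@{
        ScriptBlockLogging = 'EnableScriptBlockLogging'
        ModuleLogging      = 'EnableModuleLogging'
        Transcription      = 'EnableTranscripting'
    }

    foreach ($name in $checks.Keys) {
        $key   = Join-Path $PolicyRoot $name
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $value = if ($props) { $props.($checks[$name]) } else { $null }

        [pscustomobject]@{
            Policy  = $name
            Enabled = ($value -eq 1)
            # A missing key or value means no policy has been applied here.
            State   = if ($null -eq $value) { 'NotConfigured' }
                      elseif ($value -eq 1) { 'Enabled' }
                      else                  { 'Disabled' }
            # For transcription, show where transcripts are written (if set).
            Detail  = if ($name -eq 'Transcription' -and $props) { $props.OutputDirectory } else { $null }
        }
    }
}

$report = Get-PSLoggingPolicy
$report | Format-Table -AutoSize

# The post notes the target needs PowerShell 5.0 or 5.1 for these settings.
$winrm = Get-Service -Name WinRM -ErrorAction SilentlyContinue

[pscustomobject]@{
    PSVersion      = $PSVersionTable.PSVersion.ToString()
    EngineSupports = ($PSVersionTable.PSVersion.Major -ge 5)
    WinRMStatus    = if ($winrm) { $winrm.Status } else { 'NotInstalled' }
    # True only when every policy above reports Enabled.
    AllLoggingOn   = -not ($report | Where-Object { -not $_.Enabled })
}
```

The script only reads the registry and service state, so it can be run before and after the GPO is linked to compare results.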

    • #68763
      Del

      Participant
      Points: 0
      Rank: Member

      Thank you guys.
