Merge branch 'main' of https://git.totalservice.cz/public/ZBXWinRMConfig

zmena verze 1.06
Upload files to "/"
2025-08-12 11:02:28 +02:00 · 2025-08-12 10:59:38 +02:00 · 2025-07-30 07:34:18 +00:00
2 changed files with 4 additions and 58 deletions
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -1,15 +0,0 @@
-{
-    // Use IntelliSense to learn about possible attributes.
-    // Hover to view descriptions of existing attributes.
-    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
-    "version": "0.2.0",
-    "configurations": [
-        {
-            "name": "PowerShell: Launch Current File",
-            "type": "PowerShell",
-            "request": "launch",
-            "script": "${file}",
-            "args": []
-        }
-    ]
-}
--- a/ConfigWinRM.ps1
+++ b/ConfigWinRM.ps1
@@ -3,7 +3,7 @@

 <#PSScriptInfo

-.VERSION 1.02
+.VERSION 1.06

 .GUID 14e0e777-6ba8-4f3f-b914-53c62e0a72aa

@@ -39,10 +39,6 @@
        Updated by Jordan Borean <jborean93@gmail.com>
        Updated by Erwan Quélin <erwan.quelin@gmail.com>
        Updated by David Norman <david@dkn.email>
-  Version 1.01 - Fixed issue with HTTPS when certificate in HTTPS listener doesn't match the cert in local store
-        Updated by Michal Horák
-  Verison 1.02 - Fixed issue when script fails on removing listeners if only HTTP listener exists (no HTTPS listener exists)
-        Updated by Michal Horák
 #> 

 <#
@@ -599,31 +595,7 @@ Function Run
    Write-MyLog -LOGSeverity "INFO" -LOGMessage ("Skipping changes in registry for LocalAccountTokenFilterPolicy.")
  }
 #--------------------------------------------------------------------------------------------------
-# Get WinRM HTTPS listener thumbprint
-
-$winrmOutput = winrm e winrm/config/listener
-$winrmThumbprint = ($winrmOutput | Where-Object { $_ -match 'CertificateThumbprint' }) -replace '.*CertificateThumbprint\s*=\s*', ''
-
-
-# Get local self-signed certificate thumbprint (adjust subject name as needed)
-$DN = $env:COMPUTERNAME
-$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
-    $_.Subject -like "*CN=$DN*" -and $_.Issuer -eq $_.Subject
-}
-$localThumbprint = $cert.Thumbprint
-
-# Compare the thumbprints
-  if ($localThumbprint -contains $winrmThumbprint) 
-  {
-    $certisinwinrm = "yes"
-    Write-MyLog -LOGSeverity "INFO" -LOGMessage ("Self-Signed certificate is used in WinRM HTTPS listener.")
-  } 
-   else 
-    {$certisinwinrm = "no"
-    Write-MyLog -LOGSeverity "INFO" -LOGMessage ("Self-Signed certificate is not used in WinRM HTTPS listener.")
-  }
-
-if (-not $MyError -and ($RunningConfig.WinRMListeners | Where-Object { $_.Transport -eq "HTTPS" } ) -and $CFG.WINRMHTTPS.ToLower() -eq "enable" -and $CFG.SelfCertForce.ToLower() -eq "enable" -or $certisinwinrm -eq "no" )
+  if (-not $MyError -and ($RunningConfig.WinRMListeners | Where-Object { $_.Transport -eq "HTTPS" } ) -and $CFG.WINRMHTTPS.ToLower() -eq "enable" -and $CFG.SelfCertForce.ToLower() -eq "enable" )
  {
    Write-MyLog -LOGSeverity "INFO" -LOGMessage ("Forcing SSL Self-Certificate reissuing, and recreating WinRM HTTPS listener.")
    try 
@@ -649,13 +621,8 @@ if (-not $MyError -and ($RunningConfig.WinRMListeners | Where-Object { $_.Transp
      Write-MyLog -LOGSeverity "INFO" -LOGMessage ("Removing existing WinRM HTTPS listener")
      try 
      {
-        $existingHttpsListener = $RunningConfig.WinRMListeners | Where-Object { $_.Transport -eq "HTTPS" }
-        if ($existingHttpsListener) {
-          Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset
-          Write-MyLog -LOGSeverity "INFO" -LOGMessage ("WinRM SSL listener removed.")        
-        } else {
-          Write-MyLog -LOGSeverity "INFO" -LOGMessage ("No WinRM HTTPS listener exists, nothing to remove.")
-        }
+        Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset
+        Write-MyLog -LOGSeverity "INFO" -LOGMessage ("WinRM SSL listener removed.")        
      } catch 
      {
        Write-MyLog -LOGSeverity "ERROR" -LOGMessage ("Can't remove WinRM HTTPS listener. !!!")
@@ -681,9 +648,6 @@ if (-not $MyError -and ($RunningConfig.WinRMListeners | Where-Object { $_.Transp
 #--------------------------------------------------------------------------------------------------
  if (-not $MyError -and -not ($RunningConfig.WinRMListeners | Where-Object { $_.Transport -eq "HTTPS" } ) -and $CFG.WINRMHTTPS.ToLower() -eq "enable")
  {
-    # Check for existing HTTPS listener before creating certificate
-  $existingHttpsListener = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate | Where-Object { $_.Transport -eq "HTTPS" }
-  if (-not $existingHttpsListener) {
    Write-MyLog -LOGSeverity "INFO" -LOGMessage ("Creating new WinRM HTTPS listener.")
    try 
    {
@@ -717,9 +681,6 @@ if (-not $MyError -and ($RunningConfig.WinRMListeners | Where-Object { $_.Transp
        $MyError = $true        
      }
    }
-  } else {
-    Write-MyLog -LOGSeverity "INFO" -LOGMessage ("WinRM HTTPS listener already exists, skipping creation and certificate issuance.")
-  }
  }
 #--------------------------------------------------------------------------------------------------
  if (-not $MyError -and $RunningConfig.WinRMListeners)
Author	SHA1	Message	Date
Horák Michal	fc9bde78e0	Merge branch 'main' of https://git.totalservice.cz/public/ZBXWinRMConfig	2025-08-12 11:02:28 +02:00
Horák Michal	9c3f731a54	zmena verze 1.06	2025-08-12 10:59:38 +02:00
mhorak	ad9c726b29	Upload files to "/"	2025-07-30 07:34:18 +00:00