Dec 06 2019 06:50 AM
Hello everybody,
I'm trying to enable WinRM to remotely manage our devices, when onprem.
Therefore i tried to add a custom profile with the following OMA-URI:
./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowRemoteServerManagement
(With value <enabled>).
Unfortunatelly the result is "-2016281112 (Remediation failed)".
What am i making wrong?
Thanks in advance. 🙂
Regards
Patrick
Dec 06 2019 08:33 AM
Dec 08 2019 11:08 PM
Thanks for your response.
I've read through this, unfortunatelly i don't get it. That's why i thought trying the syntax i used. (Which isn't working.)
Dec 09 2019 12:19 AM
@PatrickF11 have you tried the value "<enabled/>" with closing slash as this would represent the required syntax to enable an admx backend policy.
Dec 09 2019 12:40 AM
Thank you for sharing your thoughts.
Yes, i'm using the value "<enabled />" as in many other settings, too.
Dec 10 2019 03:20 AM
Dec 12 2019 11:15 AM
Dec 12 2019 02:07 PM
Hey @PatrickF11,
you need to have a look at the Policy CSP documentation here: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-remotemanagement#remoteman... and be careful if it is a ADMX-backed policy. Then you have to deal with the correct way of defining the value, which configures the policy.
In your case you have to carefully lookup the value definitions in the admx file and then you well get to the result like this:
./Vendor/MSFT/Policy/Config/RemoteManagement/AllowRemoteServerManagement
Value (string):
<enabled/>
<data id="AllowAutoConfig_IPv4Filter" value="*" />
<data id="AllowAutoConfig_IPv6Filter" value="" />
this works and is the correct way to address the value which you want to configure.
But! for this particular policy you have a way more convenient way to configure it, it is available in the Administrative templates:
best,
Oliver
Dec 13 2019 12:13 AM
Dec 13 2019 12:29 AM
Hi @Thijs Lecomte,
The CSP documentation gives you basically all info to look it up, see here:
ADMX Info:
Then go to C:\Windows\PolicyDefinitions on a Windows 10 device and look for:
WindowsRemoteManagement.admx
<policy name="AllowAutoConfig" class="Machine" displayName="$(string.AllowAutoConfig)" explainText="$(string.AutoConfigHelp)" presentation="$(presentation.AllowAutoConfig)" key="Software\Policies\Microsoft\Windows\WinRM\Service" valueName="AllowAutoConfig">
<parentCategory ref="WinRMService" />
<supportedOn ref="windows:SUPPORTED_WindowsVista" />
<enabledValue>
<decimal value="1" />
</enabledValue>
<disabledValue>
<decimal value="0" />
</disabledValue>
<elements>
<text id="AllowAutoConfig_IPv4Filter" valueName="IPv4Filter" maxLength="1024" />
<text id="AllowAutoConfig_IPv6Filter" valueName="IPv6Filter" maxLength="1024" />
</elements>
</policy>
Follow the instruction "How to construct the value / enable a policy" here:
best,
Oliver
Dec 13 2019 12:32 AM
Jan 08 2020 12:27 AM
@Oliver Kieselbach Thank you very much.
Unfortunately enabling WinRM isn't enough.