FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Hawada1
Staff
Article Id 201518
Description
This article describes WinRM Device Profile requirements and setup.
Solution

Requirements:

- The WinRM service must be enabled on endpoints.
- The WinRM port(s) (5986, or 5985 (insecure)) must be enabled and reachable through the firewall from the FortiNAC Application server. HTTPS (5986) is strongly encouraged for security purposes.
- NTLM authentication with domain credentials authorized to run the PowerShell commands get-wmiobject, get-itemproperty, get-service, get-process and convertto-json, and to read the registry.
- Minimum Windows Management Framework (WMF) version: 3.0

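The requirements above can be verified on the endpoint itself before a device profiling rule is enabled. The following readiness check is an added example (not Fortinet's code), run in an elevated PowerShell session on the Windows endpoint; it assumes WMF 3.0 or later so that the WSMan: drive is available.

```powershell
# Added example: check a Windows endpoint against the FortiNAC WinRM
# profiling requirements (WMF version, WinRM service, listeners,
# NTLM/Negotiate auth, required cmdlets, registry read access).
$results = [ordered]@{}

# 1. Minimum WMF version 3.0
$results['WMF >= 3.0'] = ($PSVersionTable.PSVersion.Major -ge 3)

# 2. WinRM service present and running
$svc = Get-Service -Name WinRM -ErrorAction SilentlyContinue
$results['WinRM service running'] = ($null -ne $svc -and $svc.Status -eq 'Running')

# 3. Listeners: HTTPS (5986) is the recommended transport, HTTP (5985) is insecure
$transports = Get-ChildItem WSMan:\localhost\Listener -ErrorAction SilentlyContinue |
    ForEach-Object { (Get-ChildItem $_.PSPath | Where-Object Name -eq 'Transport').Value }
$results['HTTPS listener (5986)']          = ($transports -contains 'HTTPS')
$results['HTTP listener (5985, insecure)'] = ($transports -contains 'HTTP')

# 4. NTLM is carried by the Negotiate authentication provider on the WinRM service
$neg = Get-Item WSMan:\localhost\Service\Auth\Negotiate -ErrorAction SilentlyContinue
$results['Negotiate/NTLM auth enabled'] = ($null -ne $neg -and $neg.Value -eq 'true')

# 5. Cmdlets the profiling account must be able to run (listed in the requirements)
$needed = 'Get-WmiObject', 'Get-ItemProperty', 'Get-Service', 'Get-Process', 'ConvertTo-Json'
foreach ($cmd in $needed) {
    $results["cmdlet $cmd"] = [bool](Get-Command $cmd -ErrorAction SilentlyContinue)
}

# 6. Registry readable by the current account (a well-known key, chosen for this example)
try {
    $null = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' `
        -Name ProductName -ErrorAction Stop
    $results['Registry readable'] = $true
} catch {
    $results['Registry readable'] = $false
}

# Print one line per check; anything marked MISSING needs attention before profiling
$results.GetEnumerator() | ForEach-Object {
    '{0,-34} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
```

Firewall reachability from the FortiNAC side is not covered here; use the winrmps test described below for that.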
For testing, open the FortiNAC CLI, change to /bsc/campusMgr/bin/internal, and run the commands below:

root@fnc-ca1:/bsc/campusMgr/bin/internal> winrmps
<Workstation-ip>:5985
Domain\username
<password>
ipconfig

Note.

After typing 'ipconfig' and pressing Enter, press Ctrl+D to run the script.

 

[Screenshot for illustration: winrmps test session]


Disclaimer.

This is not a public API and the program input may change without notice.

Alternatively, if HTTPS port 5986 is used, winrmps can be run with the command below:

> /bsc/campusMgr/bin/internal/winrmps /bsc/.runtime/data/certificate/winrmps_ca.pem
10.27.2.139:5986
DOMAIN\Username
Password-in-plaintext
ipconfig

where everything after the first line is stdin. 'ipconfig' is just an example command to run.

 

Important Note.

If FortiNAC version 9.1.x through 9.2.1 is used, enter the username in UPN format in the DPC role created in FortiNAC; otherwise, DPC will not work correctly.

Also, a user must be logged in to the workstation for FortiNAC to receive the ipconfig output.

[Screenshot for illustration]

 

Solution.

The UPN username requirement is addressed in 9.2.2 (release note: "Device Profiler WinRM Method -> Credentials are required to be in userPrincipalName format but shouldn't be").
https://docs.fortinet.com/document/fortinac/9.2.2/release-notes/317703/version-9-2-2

The WinRM Device Profiling method handles multiple user credentials as of versions 9.2.6 and 9.4.1.
https://docs.fortinet.com/document/fortinac/9.2.6/release-notes/35570/version-9-2-6

Useful technical document:
https://docs.fortinet.com/document/fortinac/8.7.0/administration-guide/246310/winrm-device-profile-r...
