如何使用 winrm 将多台机器添加到可信主机列表中

要从远程计算机在计算机上运行 powershell 命令,我们必须将远程计算机添加到主机的可信主机列表中。

我使用以下命令将机器 A 添加到机器 B 的可信主机:

winrm set winrm/config/client ‘@{TrustedHosts="machineA"}’

如何添加更多的机器说机器 C,机器 D 到可信主机列表的机器 B?

245538 次浏览
winrm set winrm/config/client '@{TrustedHosts="machineA,machineB"}'

I prefer to work with the PSDrive WSMan:\.

Get TrustedHosts

Get-Item WSMan:\localhost\Client\TrustedHosts

Set TrustedHosts

provide a single, comma-separated, string of computer names

Set-Item WSMan:\localhost\Client\TrustedHosts -Value 'machineA,machineB'

or (dangerous) a wild-card

Set-Item WSMan:\localhost\Client\TrustedHosts -Value '*'

to append to the list, the -Concatenate parameter can be used

Set-Item WSMan:\localhost\Client\TrustedHosts -Value 'machineC' -Concatenate

The suggested answer by Loïc MICHEL blindly writes a new value to the TrustedHosts entry.
I believe, a better way would be to first query TrustedHosts.
As Jeffery Hicks posted in 2010, first query the TrustedHosts entry:

PS C:\> $current=(get-item WSMan:\localhost\Client\TrustedHosts).value
PS C:\> $current+=",testdsk23,alpha123"
PS C:\> set-item WSMan:\localhost\Client\TrustedHosts –value $current

I created a module to make dealing with trusted hosts slightly easier, psTrustedHosts. You can find the repo here on GitHub. It provides four functions that make working with trusted hosts easy: Add-TrustedHost, Clear-TrustedHost, Get-TrustedHost, and Remove-TrustedHost. You can install the module from PowerShell Gallery with the following command:

Install-Module psTrustedHosts -Force

In your example, if you wanted to append hosts 'machineC' and 'machineD' you would simply use the following command:

Add-TrustedHost 'machineC','machineD'

To be clear, this adds hosts 'machineC' and 'machineD' to any hosts that already exist, it does not overwrite existing hosts.

The Add-TrustedHost command supports pipeline processing as well (so does the Remove-TrustedHost command) so you could also do the following:

'machineC','machineD' | Add-TrustedHost

Same as @Altered-Ego but with txt.file:

Get-Content "C:\ServerList.txt"
machineA,machineB,machineC,machineD




$ServerList = Get-Content "C:\ServerList.txt"
$currentTrustHost=(get-item WSMan:\localhost\Client\TrustedHosts).value
if ( ($currentTrustHost).Length -gt "0" ) {
$currentTrustHost+= ,$ServerList
set-item WSMan:\localhost\Client\TrustedHosts –value $currentTrustHost -Force -ErrorAction SilentlyContinue
}
else {
$currentTrustHost+= $ServerList
set-item WSMan:\localhost\Client\TrustedHosts –value $currentTrustHost -Force -ErrorAction SilentlyContinue
}

The "-ErrorAction SilentlyContinue" is required in old PS version to avoid fake error message:

PS C:\Windows\system32> get-item WSMan:\localhost\Client\TrustedHosts




WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Client


Type            Name                           SourceOfValue   Value
----            ----                           -------------   -----
System.String   TrustedHosts                                   machineA,machineB,machineC,machineD

winrm set winrm/config/client '@{TrustedHosts="ServerA"}'

Generates this error:

Syntax Error: input must be of the form {KEY="VALUE"[;KEY="VALUE"]}

This worked for me (Server 2016):

winrm set winrm/config/client @{TrustedHosts="ServerA"}