Configure Remote Computer Browser

The Privilege Management Workstyle Editor allows you to browse computers on the network for executables, Windows services, and running processes, which you can add to Application Groups. This provides a convenient alternative to manual entry.

Remote computer browsing leverages Windows Remote Management (WinRM) and PowerShell, which must be configured on each target endpoint in advance of using the computer browser feature to access the remote computer.

WinRM and Powershell are components of the Windows Management Framework, and are part of Windows 7 and Windows Server 2008 R2. For older versions of Windows, the Windows Management Framework can be downloaded and installed as an optional update at:

https://www.microsoft.com/en-us/download/details.aspx?id=54616.

To configure the ePO Server:

Configure WinRM trusted hosts:

  1. Open PowerShell (elevated).
  2. Type:
    winrm s winrm/config/client '@{TrustedHosts="<endpoint>"}'

    where <endpoint> should be replaced with the hostname or IPAddress of the network computer to be trusted (a wildcard (*) can also be used), and press Enter.

To configure a network computer:

  1. Verify that PS-Remoting is enabled:
    • Open PowerShell (elevated).
    • Type
      Enable-PSRemoting 

      and then type A to accept all defaults (this can also be enabled via AD Group Policy).
  2. Configure WinRM to allow remote connections:
    • In the same PowerShell window, type
      winrm qc 

      and press Enter.
    • Type
      winrm set winrm/config/service @{AllowUnencrypted="true"} 

    • Press Enter.

To test for a successful connection, run this command from the ePO server:

winrm identify -r:http://<endpoint>:5985 -u:<username> -p:<password>

where <endpoint> should be replaced with the hostname or IPAddress of the network computer, <username> and <password> replaced with administrator credentials on the network computer.

If the connection is unsuccessful:

Fix the local security policy to enable classic mode authentication for network logons.

  1. Open Local Security Policy from Control Panel > Administrative Tools.
  2. Navigate to Local Policies > Security Options.
  3. Double-click Network Access: Sharing and Security Model for local accounts.
  4. Set to classic.

Mixed environments:

  1. Open PowerShell (elevated).
  2. Type:
    new-itemproperty -name LocalAccountTokenFilterPolicy -path `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -propertyType DWord -value 1
  3. Press Enter.