Windows Remote Management (WinRM) is a Microsoft protocol that enables secure remote communication and management of Windows-based systems. In OpUtils, WinRM is used to establish a secure connection with Microsoft DNS and DHCP servers, allowing administrators to remotely retrieve and manage configuration data, zone or scope details, and IP-related records - all from within the OpUtils console.
By leveraging WinRM, administrators can perform DNS and DHCP monitoring and management tasks without manual server access, ensuring faster operations, improved accuracy, and enhanced security.
OpUtils supports two authentication mechanisms for establishing WinRM connections with Microsoft DNS and DHCP servers:
Kerberos is the most secure and preferred method for WinRM communication. It uses a trusted certificate over HTTPS to ensure encrypted data exchange between OpUtils and the Windows server.
Requirements:
Note: When using Kerberos, you don’t need to add the target server to the trusted hosts list on the OpManager/OpUtils installation server, as authentication is securely handled through the domain.
NTLM is an alternative authentication type for cases where Kerberos is not used. It is less secure because it relies on hostname-based authentication rather than certificates.
Requirements:
Note: NTLM is best suited for non-domain or testing environments where Kerberos configuration isn’t feasible.
When configuring Kerberos/NTLM authentication for WinRM, a valid TLS/SSL certificate must be associated with the Windows server to enable secure HTTPS communication.
Tip: You can access this option from the Add DHCP Server or Add DNS Server form under WinRM settings.
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="<hostname>"; CertificateThumbprint="<certificate_thumbprint>"}
This creates a secure WinRM listener over HTTPS, enabling encrypted communication between the OpUtils server and the target Microsoft DNS or DHCP server.
OpUtils offers flexible connection modes that help administrators balance performance, security, and resource utilization when managing Microsoft DNS and DHCP servers.
In this mode, WinRM connections are initiated only when a DNS- or DHCP-related task, such as data retrieval, zone or scope refresh, or configuration update, is performed. Once the operation is complete, OpUtils automatically terminates the connection to minimize the attack surface and enhance security.
Ideal for: Environments that prioritize strong security controls and optimized resource usage.
In this mode, the WinRM connection between OpUtils and the target Windows server (DNS or DHCP) remains continuously active. This ensures faster access to DNS and DHCP data and reduces response time, as no reconnection is required for each operation.
Ideal for: High-frequency monitoring or real-time DNS and DHCP management environments.
In this mode, OpUtils does not automatically enable or manage the WinRM connection. Administrators must manually configure WinRM settings on both the OpUtils server and the target Windows server before establishing communication.
Ideal for: Environments with strict network policies or customized security configurations.
To establish a WinRM connection between OpUtils and Microsoft DNS or DHCP servers, you must enable and configure WinRM on both the OpUtils server and the target Windows server.
winrm quickconfig
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "<Server_IP_or_Hostname>"
winrm enumerate winrm/config/listener
winrm quickconfig
netsh advfirewall firewall add rule name="WinRM" dir=in action=allow protocol=TCP localport=<port_number>
Test-WSMan <Server_IP_or_Hostname>
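A read-only check of the HTTPS listener, its certificate, and the TrustedHosts setting described above, as an added example that is not part of the OpUtils documentation or product. The function name Test-WinRMHttpsSetup is hypothetical; the script assumes an elevated PowerShell session and that the listener certificate is in the LocalMachine\My store.

```powershell
# Added example: read-only audit of the WinRM settings this page configures.
# Assumption: elevated PowerShell session; listener certificate in LocalMachine\My.
function Test-WinRMHttpsSetup {
    $findings = @()

    # Same data as: winrm enumerate winrm/config/listener
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate)
    $https = @($listeners | Where-Object { $_.Transport -eq 'HTTPS' })
    $http  = @($listeners | Where-Object { $_.Transport -eq 'HTTP' })

    if ($https.Count -eq 0) { $findings += 'No HTTPS listener is configured.' }
    foreach ($l in $http) {
        $findings += "HTTP listener present on port $($l.Port); confirm it is required."
    }

    foreach ($l in $https) {
        # Normalise the thumbprint: pasted values often carry spaces or lower case
        $tp = ($l.CertificateThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
        $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $tp }
        if (-not $cert) {
            $findings += "Listener thumbprint '$tp' not found in LocalMachine\My."
            continue
        }
        $now = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $findings += "Certificate $tp is outside its validity period (NotAfter: $($cert.NotAfter))."
        }
        if (-not $cert.HasPrivateKey) {
            $findings += "Certificate $tp has no private key on this server."
        }
        # An empty EKU list means "all purposes"; otherwise Server Authentication is needed
        $eku = @($cert.EnhancedKeyUsageList | Where-Object { $_ } | ForEach-Object { $_.ObjectId })
        if ($eku.Count -gt 0 -and $eku -notcontains '1.3.6.1.5.5.7.3.1') {
            $findings += "Certificate $tp lacks the Server Authentication EKU."
        }
    }

    # Client-side setting; relevant when this runs on the OpUtils server (NTLM case)
    $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    $entries = @($trusted -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries -contains '*') {
        $findings += 'TrustedHosts is "*": every remote host is trusted. List specific servers instead.'
    }

    return $findings
}

Test-WinRMHttpsSetup
```

An empty result means none of these checks raised a finding; it does not test connectivity, which `Test-WSMan` covers.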