Best practices
To ensure optimal security and performance when using PSRemoting, it’s important to follow the best practices enforced by the product. These practices are designed to minimize the risk of security breaches and ensure that your remote management tasks run smoothly.
Authentication:
- If possible, use only Kerberos or NTLM authentication.
- Avoid CredSSP and basic authentication whenever possible.
- In the best case, restrict the usage of all other authentication mechanisms besides Kerberos/NTLM.
- SSH remoting – configure public key authentication and keep the private key protected.
Limit connections:
- Limit connections via firewall from a management subnet (hardware and software if possible/available).
PSRemoting’s default firewall policies differ based on the network profile. In a Domain, Workgroup, or Private network profile, PSRemoting is available to all by default (assuming they have valid credentials). In...