The new Windows documentation references the top of this file for a list and explanation of options, however `-EnableCredSSP` was missing from this list.
* Add missing support for -CertValidityDays
For some reason the -CertValidityDays option was not being used in the certificates we created.
This fixes#10439
* Possible fix
* We cannot use New-SelfSignedCertificate on 2012R2 and earlier
As suggested by @jhawkesworth
Instead of asking the user to type something prior to running the script, why not allow -Verbose on the command line directly.
Also log important events to EventLog, so that it can be traced e.g. when running via RunOnce mechanism.
The documentation is updated as well.
Having used this script several times today, I came to notice the $SubjectName variable, being passed in via the CLI, is essentially ignored when generating the SSL certificates, rendering it useless. I believe it's a good idea to have it in place, so I've updated the script to reflect this.
I also cleaned up some random new lines throughout the file, and expanded on a comment.
It might be worth going a step further and commenting the file fully, as most people reviewing this file won't be familiar with PowerShell (like I wasn't unitl a few days ago). It could be helpful.
The current script fails on machines which have network interfaces designated
as connected to "Public" networks (choices for network designation being
Private, Domain, Public). This commit changes the script to NOT prevent winrm
initialization when device is connected to a "Public" network.