特殊許可權存取工作站和具特殊許可權的端點存取Privileged Access Workstation and privileged endpoint access

概觀Overview

針對此程式,您必須連接到「特殊許可權存取工作站」 (PAW) 。For this procedure, you must connect to the Privileged Access Workstation (PAW). 客戶必須提供您使用 [遠端桌面] 連線到 PAW 的能力。The customer will need to provide you with the ability to connect to the PAW using Remote Desktop.

設定 WinRMConfiguring the WinRM

若要允許從 PAW 連線到具特殊許可權的端點,請確定已將具特殊許可權的端點 IP 位址(如 Azure Stack Hub 系統管理員入口網站中所定義)設定為 PAW 上的受信任主機。To allow connections to the privileged endpoint from the PAW, ensure that the privileged endpoint IP addresses, as defined in the Azure Stack Hub Admin Portal, are set as a trusted host on the PAW. 從系統管理員入口網站取得這些 IP 位址的指示,是在頁面16上驗證縮放單位節點存取和健康情況。The instructions for obtaining these IP addresses from the Administrator Portal are in Verifying Scale Unit node access and health on page 16.

若要查看或編輯 WinRM 受信任的主機,請啟動提升許可權的 PowerShell 會話:To view or edit the WinRM trusted hosts, launch an elevated PowerShell session:

  • 查看信任的主機。View trusted hosts.

若要查看目前受信任的主機,請在 PowerShell 中執行:To view the current trusted hosts, in PowerShell run:

  • 編輯信任的主機。Edit trusted hosts.

如果緊急修復主控台伺服器 (ERCS) Ip 不存在,請執行下列步驟以設定受信任主機的新值,並以 ERCS03_IP 系統 < * < * < * 管理員入口網站中定義的三個具特殊許可權的端點 ip 取代 * ERCS01_IP、* ERCS02_IP 和 * Azure Stack Hub:If the Emergency Recovery Console Server (ERCS) IPs are not present, then run the following to set a new value for trusted hosts, replacing *<ERCS01_IP*, *<ERCS02_IP* and *<ERCS03_IP* with the three privileged endpoint IPs defined within the Azure Stack Hub Admin Portal:

連接到具特殊許可權的端點Connect to the privileged endpoint

在 PAW 上,開啟已提升許可權的 PowerShell 會話,然後執行下列兩個命令。On the PAW, open an elevated PowerShell session and run the following two commands. < * 使用其中一個具特殊許可權端點實例的 IP 取代 * ERCS_IP,如本程式稍早所述。Replace *<ERCS_IP* with an IP of one of the privileged endpoint instances as noted earlier in this procedure. 當系統提示您輸入具有特殊許可權的端點 (PEP) 客戶提供的認證。When prompted enter the privileged endpoint (PEP) credentials supplied by the customer.

關閉具特殊許可權的端點Close the privileged endpoint

若要關閉具特殊許可權的端點會話,請執行下列動作:To close the privileged endpoint session, run the following:

進階閱讀Further reading

如需有關如何連線至及使用具特殊許可權端點的詳細資訊,請參閱使用 Azure Stack Hub 中具有特殊許可權的端點 For more information on connecting to and working with the privileged endpoint see Use the privileged endpoint in Azure Stack Hub.