遠端機器轉換的設定指示Setup instructions for remote machine conversions

連接遠端電腦是確保您遵循轉換環境最佳做法建議的其中一個選項,因為它可以是比本機電腦更簡潔的環境。Connecting with a remote machine is one option to ensure that you are following the best practices recommendation for your conversion environment as it can be a cleaner environment than your local machine. 開始進行遠端轉換之前,您須執行幾個步驟。There are a few steps that you will need to take before getting started with remote conversions.

為了進行安全的存取,遠端機器上必須啟用 PowerShell 遠端功能。PowerShell remoting must be enabled on the remote machine for secure access. 您也必須擁有遠端電腦的系統管理員帳戶。You must also have an administrator account for your remote machine. 如果您想要使用 IP 位址進行連線,請依照指示來連線到未加入網域的遠端機器。If you would like to connect using an IP address, follow the instructions for connecting to a non-domain joined remote machine.

連線到受信任網域中的遠端機器Connecting to a remote machine in a trusted domain

若要啟用 PowerShell 遠端處理,請以系統管理員身分從 powershell 視窗在遠端電腦上執行下列程式:To enable PowerShell remoting, run the following on the remote machine from a PowerShell window as an administrator:

Enable-PSRemoting -Force -SkipNetworkProfileCheck

務必使用網域帳戶 (不是本機帳戶) 來登入已加入網域的機器,或是依照設定指示使用未加入網域的機器。Be sure to sign in to your domain-joined machine using a domain account and not a local account, or you will need to follow the set up instructions for a non-domain joined machine.

連接埠組態Port configuration

如果您的遠端機器是安全性群組 (例如 Azure) 的一部分,您必須設定網路安全性群組規則,以連線到 MSIX 封裝工具的伺服器。If your remote machine is part of a security group(such as Azure), you must configure your network security rules to reach the MSIX Packaging Tool server.

AzureAzure

  1. 在 Azure 入口網站中,移至 [網路] > [新增輸入連接埠]In your Azure Portal, go to Networking > Add inbound port
  2. 按一下 [基本]Click Basic
  3. [服務] 欄位應該仍然設定為 [自訂]Service field should remain set to Custom
  4. 將連接埠號碼設定為 1599 (MSIX 封裝工具的預設連接埠值 – 可在工具的 [設定] 中變更此值),並指定規則名稱 (例如 AllowMPTServerInBound)Set the port number to 1599 (MSIX Packaging Tool default port value – this can be changed in the Settings of the tool) and give the rule a name (e.g. AllowMPTServerInBound)

其他基礎結構Other infrastructure

請確定您的伺服器連接埠組態可搭配 MSIX 封裝工具的連接埠值 (MSIX 封裝工具的預設連接埠值是 1599 – 這可以在工具的 [設定] 中變更)Make sure your server port configuration is aligned to the MSIX Packaging Tool port value(MSIX Packaging Tool default port value is 1599 – this can be changed in the Settings of the tool)

連線到未加入網域的遠端機器 (包括 IP 位址)Connecting to a non-domain joined remote machine(includes IP addresses)

對於未加入網域的機器,則必須使用憑證來設定,以透過 HTTPS 進行連線。For a non-domain joined machine, you must be set up with a certificate to connect over HTTPS.

  1. 在以系統管理員身分在 PowerShell 視窗中的遠端電腦上執行下列動作,以啟用 powershell 遠端處理和適當的防火牆規則:Enable PowerShell remoting and appropriate firewall rules by running the following on the remote machine in a PowerShell window as an administrator:
Enable-PSRemoting -Force -SkipNetworkProfileCheck  

New-NetFirewallRule -Name "Allow WinRM HTTPS" -DisplayName "WinRM HTTPS" -Enabled  True -Profile Any -Action Allow -Direction Inbound -LocalPort 5986 -Protocol TCP
  1. 產生自我簽署憑證、設定 WinRM HTTPS 組態及匯出憑證Generate a self-signed certificate, set WinRM HTTPS configuration, and export the certificate
$thumbprint = (New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation Cert:\LocalMachine\My -KeyExportPolicy NonExportable).Thumbprint

$command = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=""$env:computername"";CertificateThumbprint=""$thumbprint""}"

cmd.exe /C $command

Export-Certificate -Cert Cert:\LocalMachine\My\$thumbprint -FilePath <path_to_cer_file>
  1. 在您本機電腦上複製匯出的憑證,並將其安裝在受信任的根存放區底下On your local machine, copy the exported cert and install it under the Trusted Root store
Import-Certificate -FilePath <path> -CertStoreLocation Cert:\LocalMachine\Root

連接埠組態Port configuration

如果您的遠端機器是安全性群組 (例如 Azure) 的一部分,您必須設定網路安全性群組規則,以連線到 MSIX 封裝工具的伺服器。If your remote machine is part of a security group (such as Azure), you must configure your network security rules to reach the MSIX Packaging Tool server.

AzureAzure

請依照指示為 MSIX 封裝工具新增自訂連接埠,以及針對 WinRM HTTPS 新增網路安全性規則Follow the instructions to add a custom port for the MSIX Packaging Tool, as well as adding a network security rule for WinRM HTTPS

  1. 在 Azure 入口網站中,移至 [網路] > [新增輸入連接埠]In your Azure Portal, go to Networking > Add inbound port
  2. 按一下 [基本]Click Basic
  3. 將 [服務] 欄位設定為 WinRMSet Service field to WinRM

其他基礎結構Other infrastructure

請確定您的伺服器連接埠組態可搭配 MSIX 封裝工具的連接埠值 (MSIX 封裝工具的預設連接埠值是 1599 – 這可以在工具的 [設定] 中變更)Make sure your server port configuration is aligned to the MSIX Packaging Tool port value (MSIX Packaging Tool default port value is 1599 – this can be changed in the Settings of the tool)