Difference between revisions of "WinRM"
(2 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
How to enable WinRM manually or with Group Policy<br> | How to enable WinRM manually or with Group Policy<br> | ||
<big>Enable-PSRemoting</big><br> | <big>Enable-PSRemoting</big><br> | ||
− | <big>1. Allow remote server management through WinRM</big> | + | <big>1. Allow remote server management through WinRM</big><br> |
+ | |||
Go to Computer Configuration > Policies > Administrative Templates > Windows Remote Management (WinRM) > WinRM Service.<br> | Go to Computer Configuration > Policies > Administrative Templates > Windows Remote Management (WinRM) > WinRM Service.<br> | ||
Double-click the setting “Allow remote server management through WinRM”<br> | Double-click the setting “Allow remote server management through WinRM”<br> | ||
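Review bot: on the changed step-title line, the title is still presentational markup (`<big>…</big>` with a trailing `<br>` and an added empty line). A wiki heading such as `=== 1. Allow remote server management through WinRM ===` would give the step an anchor and a table-of-contents entry and would make the forced line break unnecessary.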
Line 21: | Line 22: | ||
You can scan the port 5985 on the remote computer to see if it responses, like below:<br> | You can scan the port 5985 on the remote computer to see if it responses, like below:<br> | ||
− | Test-NetConnection -ComputerName remote_computer -Port Port#<br> | + | '''Test-NetConnection -ComputerName remote_computer -Port Port#'''<br> |
Oh, simply open a PowerShell session on the remote computer and see if it succeeds.<br> | Oh, simply open a PowerShell session on the remote computer and see if it succeeds.<br> | ||
− | Enter-PSSession -ComputerName remote_computer<br> | + | '''Enter-PSSession -ComputerName remote_computer'''<br> |
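Review bot: the bolded `Test-NetConnection` line on the + side still passes the placeholder `Port#` to `-Port`, while the sentence directly above it says to scan port 5985; writing `-Port 5985` would let the command be pasted as-is. The unchanged line after it opens with "Oh, simply", which looks like a typo for "Or, simply" and could be fixed in the same edit.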
Latest revision as of 02:08, 3 January 2022
PowerShell Remoting
How to enable WinRM manually or with Group Policy
Enable-PSRemoting
1. Allow remote server management through WinRM
Go to Computer Configuration > Policies > Administrative Templates > Windows Remote Management (WinRM) > WinRM Service.
Double-click the setting “Allow remote server management through WinRM”
Select Enabled and type “*” for both the IPv4 filter and the IPv6 filter.
* If you don’t see Windows Remote Management in your Group Policy Editor, the WinRM administrative template is probably missing from your Active Directory.
2. Enable WinRM service
Go to Computer Configuration > Policies > Preferences > Control Panel Settings.
Right-click Services and choose New > Service.
Choose Automatic (Delayed Start) as startup type, pick WinRM as the service name, set Start service as the action.
3. Set up the Firewall rule
Go to Computer Configuration > Policies > Security Settings > Windows Firewall with Advanced Security.
Right-click Inbound Rules and start a New Rule.
Select the Predefined: option and choose Windows Remote Management from the list (not the Compatibility one). Click Next.
Select the rule for Domain and Private, and choose the Allow the connection option on the next screen. Click Finish.
To reduce the exposure of this service, we can remove the Private profile and leave only the Domain profile in place. Double-click the new rule we just created, go to the Advanced tab and uncheck the Private option in the Profiles section.
You can scan port 5985 on the remote computer to see if it responds, like below:
Test-NetConnection -ComputerName remote_computer -Port 5985
Or simply open a PowerShell session on the remote computer and see if it succeeds.
Enter-PSSession -ComputerName remote_computer
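
The three steps above can be checked together from an admin workstation. The script below is an added example, not part of the original wiki page; it assumes it is run with an account that has administrative rights on the target, and `remote_computer` is the page's placeholder host name.

```powershell
# Added example: verify that the GPO settings above took effect on one host.
param([string]$ComputerName = 'remote_computer')   # placeholder from the page

# 1. Is the WinRM HTTP port (5985) reachable at all?
$tcp = Test-NetConnection -ComputerName $ComputerName -Port 5985 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Warning "TCP 5985 is not reachable on $ComputerName (firewall rule or service not applied)."
    return
}

# 2. Does a WS-Management endpoint actually answer on that port?
try {
    Test-WSMan -ComputerName $ComputerName -ErrorAction Stop | Out-Null
} catch {
    Write-Warning "Port 5985 is open but WS-Man did not respond: $($_.Exception.Message)"
    return
}

# 3. Read the service and firewall state from the target itself.
$state = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
    $svc = Get-Service -Name WinRM
    # ActiveStore is the effective policy, including rules delivered by Group Policy.
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
    [pscustomobject]@{
        ServiceStatus = "$($svc.Status)"
        StartType     = "$($svc.StartType)"
        Rules         = @($rules | ForEach-Object {
            [pscustomobject]@{ Name = $_.DisplayName; Profiles = $_.Profile.ToString() }
        })
    }
}

"WinRM service: $($state.ServiceStatus), startup type $($state.StartType)"
if ($state.StartType -ne 'Automatic') {
    Write-Warning 'WinRM is not set to start automatically; the service preference may not have applied.'
}
if ($state.Rules.Count -eq 0) {
    Write-Warning 'No enabled inbound rule found in the Windows Remote Management group.'
}

# 4. Flag any rule still open on a profile other than Domain (the exposure the page suggests removing).
foreach ($rule in $state.Rules) {
    if ($rule.Profiles -ne 'Domain') {
        Write-Warning "Rule '$($rule.Name)' is enabled for: $($rule.Profiles). Expected Domain only."
    } else {
        "Rule '$($rule.Name)' is limited to the Domain profile."
    }
}
```

`Get-Service` reports delayed automatic start as plain `Automatic`, so the delayed-start choice from step 2 has to be confirmed in the Services console or the GPO report.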