In this article, we will look at how to centrally enable and configure the Windows Remote Management (WinRM) service on domain computers using Group Policy. As a reminder, Windows Remote Management is an implementation of the WS-Management Protocol for remote management of Windows client and server operating systems. WinRM lets you manage computers remotely through:
- Server Manager (Windows Server);
- PowerShell Remoting (PSSession);
- Windows Admin Center.
How to enable WinRM in Windows manually?
The WinRM service is installed in all modern versions of Windows. It is enabled by default in Windows Server and disabled in desktop editions of Windows (11/10/8.1). By default, the WinRM listener does not accept connections. To check this, run the following command on the client:
WinRM enumerate winrm/config/listener
An error appears saying that the WinRM service is not configured:
WSManFault Message = The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". Error number: -2144108526 0x80338012
To enable and configure the WinRM service in Windows, it is enough to run the command:
winrm quickconfig
or
Enable-PSRemoting -Force
WinRM has been updated to receive requests. WinRM service type changed successfully. WinRM service started.
This command changes the WinRM service startup type to automatic, applies the default WinRM settings, and adds exceptions for the WinRM ports (5985 and 5986) to the Windows Defender Firewall exception list.
Configuring WinRM using Group Policy
You can automatically enable and configure WinRM on domain computers using Windows Group Policy.
- Open the Group Policy Management Console (gpmc.msc), select the container with the computers on which you want to enable WinRM, and create a new policy named corpEnableWinRM;
- Open the policy for editing;
- Go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> System Services. Find the Windows Remote Service (WS-Management) service and set it to start automatically;
- Now go to Computer Policies -> Preferences -> Control Panel Settings -> Services and select New -> Service. Enter the service name WinRM and, on the Recovery tab, set the action Restart the Service;
- Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Remote Management (WinRM) -> WinRM Service. Enable the Allow remote server management through WinRM setting. In the IPv4/IPv6 filter field you can specify the IP addresses or subnets on which to listen for remote WinRM connections. If you want to accept WinRM connections on all IP addresses, leave * here;
- In Windows Defender Firewall, open the rules that allow connections to WinRM on the standard ports 5985 and 5986. Go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Inbound Rules. Select the predefined rule Windows Remote Management;
- Go to Computer Configuration -> Policies -> Windows Components -> Windows Remote Shell and enable the Allow Remote Shell Access setting.
Update the GPO settings on the clients and check that the WinRM service was configured automatically. To diagnose how Group Policy was applied on a client, you can use the gpresult utility.
Checking WinRM settings
To check that the WinRM settings on a computer were set through Group Policy, run the command:
winrm e winrm/config/listener
The command prints the current settings of the WinRM listener. Note the line Listener [Source="GPO"]. It means that the settings were received through Group Policy.
The full configuration of the WinRM service can be displayed with the command:
winrm get winrm/config
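The following check is an added example, not code from the original article: it reads back on a client what each step of the GPO above should have produced. It assumes an elevated PowerShell session on an English-language Windows client; the function name Test-WinRMGpoResult is hypothetical, and the registry values are the ones the WinRM administrative template writes for these settings.

```powershell
# Added example. Run locally in an elevated PowerShell session on a domain client.
function Test-WinRMGpoResult {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[string]

    # Step "System Services": the service should be set to start automatically.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinRM'"
    if ($svc.StartMode -ne 'Auto') {
        $findings.Add("WinRM start mode is '$($svc.StartMode)', expected 'Auto'")
    }

    # Step "Allow remote server management through WinRM": the template stores
    # its state and the IPv4/IPv6 filters under this policy key.
    $svcKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
    $pol = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
    if (-not $pol -or $pol.AllowAutoConfig -ne 1) {
        $findings.Add('Policy "Allow remote server management through WinRM" is not applied')
    }
    foreach ($name in 'IPv4Filter', 'IPv6Filter') {
        if ($pol -and $pol.$name -eq '*') {
            $findings.Add("$name is '*': the listener accepts connections on every address")
        }
    }

    # Step "Allow Remote Shell Access".
    $winrs = Get-ItemProperty -Path "$svcKey\WinRS" -ErrorAction SilentlyContinue
    if (-not $winrs -or $winrs.AllowRemoteShellAccess -ne 1) {
        $findings.Add('Policy "Allow Remote Shell Access" is not applied')
    }

    # Listener source: the same marker the article looks for by eye.
    $listenerText = (& winrm.cmd enumerate winrm/config/listener 2>&1 | Out-String)
    $fromGpo = $listenerText -match 'Listener\s*\[Source="GPO"\]'
    if (-not $fromGpo) {
        $findings.Add('No listener with [Source="GPO"] found')
    }

    # Firewall step: enabled inbound allow rules from the predefined group.
    # ActiveStore is queried because GPO-delivered rules are not in the local store.
    # 'Windows Remote Management' is the English display name of the group.
    $rules = @(Get-NetFirewallRule -PolicyStore ActiveStore `
            -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow'
        })
    if ($rules.Count -eq 0) {
        $findings.Add('No enabled inbound "Windows Remote Management" firewall rule')
    }
    foreach ($r in $rules) {
        # Worth reviewing: the exception is also open outside the domain profile.
        if ("$($r.Profile)" -match 'Public|Any') {
            $findings.Add("Rule '$($r.Name)' is enabled for profile '$($r.Profile)'")
        }
    }

    [pscustomobject]@{
        ServiceStartMode = $svc.StartMode
        ServiceState     = $svc.State
        IPv4Filter       = $pol.IPv4Filter
        IPv6Filter       = $pol.IPv6Filter
        ListenerFromGpo  = $fromGpo
        InboundRules     = $rules.Name
        Findings         = $findings.ToArray()
    }
}

Test-WinRMGpoResult | Format-List
```

An empty Findings list means every step of the policy landed and none of the broad settings (the * filter, a rule open in the Public profile) is in effect.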
Now try to connect to the computer remotely via WinRM. On the remote computer, start a PowerShell console under an account that has administrator rights on both computers and run the command:
Test-WsMan YourCompName1
If WinRM is enabled, the following response appears:
wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd ProductVendor : Microsoft Corporation ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0
You can check that port 5985 is reachable on the remote computer like this:
Test-NetConnection -ComputerName YourCompName1 -Port 5985
Now you can try an interactive connection to the remote computer via PSRemoting using the Enter-PSSession cmdlet:
Enter-PSSession CompNameHere1
In this case the connection was established successfully and the console of the remote server opened.
Similarly, you can run an arbitrary command on the remote computer via PSRemoting using Invoke-Command:
Invoke-Command -ComputerName YourCompName1 -ScriptBlock {ipconfig /all}
If the connection works, you will see the output of the ipconfig command on the screen.
You can also run a command on the remote host like this:
winrs -r:wsk-w10BO1 dir
In some cases, the following error may appear when connecting via PSSession:
Enter-PSSession : Connecting to remote server wsk-w10BO1 failed with the following error message : Access is denied. CategoryInfo : InvalidArgument: (wsk-w10BO1:String) [Enter-PSSession], PSRemotingTransportException FullyQualifiedErrorId : CreateRemoteRunspaceFailed
In this case, check the permissions for connecting to WinRM on the remote computer:
Set-PSSessionConfiguration -ShowSecurityDescriptorUI -Name Microsoft.PowerShell
Make sure that your account is a member of the Administrators or Remote Management Users group (see the article on remote access via WinRM without administrator rights) and that they are granted FullControl permissions. Also check that there are no Deny rules.
To configure WinRM and PSRemoting in a workgroup (without an AD domain), we recommend using this guide.
WinRM enumerate winrm/config/listener
You will see an error saying that WinRM is not configured:
WSManFault
Message = The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: «winrm quickconfig».
Error number: -2144108526 0x80338012
Enable Windows Remote Management WinRM
1. Right-click the Windows Start icon, then select Windows PowerShell (Admin), or Windows Terminal (Admin) in Windows 11.
2. To enable and configure the WinRM service on Windows, let’s run this command:
PS C:\Windows\system32> winrm quickconfig
WinRM is not set up to receive requests on this machine.
The following changes must be made:
Start the WinRM service.
Set the WinRM service type to delayed auto start.
Make these changes [y/n]? y
WinRM has been updated to receive requests.
WinRM service type changed successfully.
WinRM service started.
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:
Enable the WinRM firewall exception.
Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.
Make these changes [y/n]? y
WinRM has been updated for remote management.
WinRM firewall exception enabled.
Configured LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.
This command will change the WinRM service startup type to automatic, apply default WinRM settings, and add exceptions for WinRM ports (TCP 5985 and 5986) to the list of exceptions in the Microsoft Defender Firewall.
PS C:\Users\admin> WinRM enumerate winrm/config/listener
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 10.10.230.10, 127.0.0.1
Alternatively, you can use the following command to enable WinRM using PowerShell.
PS C:\Windows\system32> Enable-PSRemoting -Force
WinRM has been updated to receive requests.
WinRM service type changed successfully.
WinRM service started.
WinRM has been updated for remote management.
WinRM firewall exception enabled.
Configured LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.
Enable WinRM via Group Policy
You can automatically enable and configure WinRM on domain computers using Windows GPO.
1. Open the Group Policy Management Console gpmc.msc, select an Active Directory container with the computers you want to enable WinRM on, and create a new GPO.
2. Open the policy to edit it.
3. Go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> System Services. Find the Windows Remote Service (WS-Management) service and enable automatic startup for it.
4. Then go to Computer Policies -> Preferences -> Control Panel Settings -> Services. Select New -> Service. Enter the service name WinRM, and select the Restart the Service action on the Recovery tab.
5. Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Remote Management (WinRM) -> WinRM Service. Enable Allow remote server management through WinRM. In the IPv4/IPv6 filter box, you can specify the IP addresses or subnets on which WinRM connections are accepted. If you want to allow WinRM connections on all IP addresses, leave * here.
6. Create Windows Defender Firewall rules allowing WinRM connections on the default ports TCP/5985 and TCP/5986. Go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Inbound Rules. Select the Windows Remote Management predefined rule.
7. Go to Computer Configuration -> Policies -> Windows Components -> Windows Remote Shell and enable Allow Remote Shell Access.
Update GPO settings on your clients and make sure that WinRM has been configured automatically. You can use the gpresult tool to troubleshoot Group Policy settings on client computers.
Checking WinRM Settings and PowerShell Connectivity
You may list the complete configuration of your WinRM service using the winrm get winrm/config command.
Then try to connect to a remote computer via WinRM. Open the PowerShell console and run the command below. If WinRM is enabled, the following response will appear:
PS C:\Users\admin> Test-WsMan 10.10.5.56
wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0
You can check for an open WinRM port (TCP/5985) on the remote computer with PowerShell:
PS C:\Users\admin> Test-NetConnection -ComputerName 10.10.5.56 -Port 5985
ComputerName : 10.10.5.56
RemoteAddress : 10.10.5.56
RemotePort : 5985
InterfaceAlias : Ethernet
SourceAddress : 10.10.5.52
TcpTestSucceeded : True
Then you may try to connect to a remote computer interactively using PSRemoting and the Enter-PSSession cmdlet. In this case, the connection is successfully established, and the PS console of the remote host appears.
PS C:\Users\admin> Enter-PSSession 10.10.5.56 -Credential (Get-Credential)
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
[10.10.5.56]: PS C:\Users\admin\Documents>
Besides PSRemoting, you can use the Invoke-Command cmdlet to execute commands and scripts on a remote computer:
PS C:\> Invoke-Command -ComputerName 10.10.5.56 -ScriptBlock {ipconfig /all} -Credential (Get-Credential)
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
Windows IP Configuration
Host Name . . . . . . . . . . . . : DESKTOP-9FDRHRJ
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-48-AA-0B
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2539:e0f:b335:1987%8(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.5.56(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.10.0.1
DHCPv6 IAID . . . . . . . . . . . : 100666409
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-D7-F4-C4-00-0C-29-48-AA-0B
DNS Servers . . . . . . . . . . . : 1.1.1.1
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
The Windows Remote Management (WinRM) service is Microsoft’s implementation of the WS-Management (WS-Man) protocol introduced in Windows before PowerShell. It allows remote management of your device (hardware and operating systems). For WinRM scripts to run, and for the winrm command-line tool to perform data operations, WinRM has to be configured. In this article, I will show you how to enable or disable WinRM via the command line.
WinRM is automatically installed with all currently supported versions of the Windows operating system. These WinRM components are installed with the operating system. By default, no WinRM listener is configured.
Even if the WinRM service is running, WS-Management protocol messages that request data can’t be received or sent. Internet Connection Firewall (ICF) blocks access to ports.
To configure the WS-Management protocol on your device and set up the default configuration for remote management, enter the following command in PowerShell.
winrm quickconfig
Note: winrm quickconfig is abbreviated as winrm qc, and performs the following operations.
When this service is started, the startup type changes to “Automatic (Delayed)”. Starting the service by itself does not do anything, because, as mentioned above, it does not listen for anything.
Therefore, a listener is created. This listener sends and receives WS-Management protocol messages using either HTTP or HTTPS on any IP address.
A firewall exception is created for Windows Remote Management only for the current user profile. If the firewall profile is changed for any reason, then run winrm quickconfig to enable the firewall exception for the new profile (otherwise the exception might not be enabled).
A configuration change is made such that when a remote user connects with admin rights to this machine, the admin rights are not stripped via User Account Control (UAC). Basically, this configuration change involves modifying a registry entry.
Disable WinRM
To disable the effect of winrm quickconfig, one must undo each of these changes. Follow the steps below to disable WinRM on your device.
Disabling the WinRM Service
Either open the Services MMC console, stop the WinRM service and set it to Disabled, or use PowerShell as an Administrator. The commands for the PowerShell route are below.
Stop-Service winrm
Set-Service -Name winrm -StartupType Disabled
Delete the Listener
For me, this step was not necessary. If you disabled the WinRM service as explained above, this disables the listener as well. If you need a listener on another port for an application other than PowerShell, you have to keep the WinRM service running.
Also, note that Server Manager uses the same listener for remote server management as PowerShell remoting. To display the available listeners you can run this command below. For us, there isn’t any listener running.
dir wsman:\localhost\listener
Note: If listeners are present, once you know the name of a listener you can remove it with the following PowerShell command.
Remove-Item -Path WSMan:\Localhost\listener\<Listener name>
To remove all listeners, you can use this command below.
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
Removing the listener(s) has a further security benefit: if a listener is left in place and someone starts the WinRM service, that listener becomes active as well. However, if you delete the listener before you disable the service, you have to add the listener again with the Enable-PSRemoting cmdlet.
Disable Windows firewall exceptions
I will be using the GUI to disable the Firewall exception created via the Windows Defender Firewall With Advanced Security.
Windows Defender Firewall with Advanced Security provides host-based, two-way network traffic filtering and blocks unauthorized network traffic flowing into or out of the local device.
As you can see, the exception is still enabled. We have to disable it. To do this, right-click on the rule and select disable rule, or click on the rule and select disable rule on the Action Pane!
As you can see below, the rule has been disabled!
To disable the firewall exceptions via PowerShell, use the following command:
Get-NetFirewallRule | ? {$_.Displayname -eq "Windows Remote Management (HTTP-In)"} | Set-NetFirewallRule -Enabled "False"
Disable Remote UAC
Note: Set the value of LocalAccountTokenFilterPolicy to 0. This restores the UAC restriction on remote access by local accounts that are members of the Administrators group on the PC. On devices that are not members of the AD domain, WinRM adds the LocalAccountTokenFilterPolicy registry entry to the location below and sets the value to 1.
For me, this was already disabled, as shown in the image below, as it is a domain-joined device. If this is not your case, please navigate to the following location via the Registry Editor.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Then set the value of LocalAccountTokenFilterPolicy to 0 (zero).
To do this via PowerShell, kindly run the command below.
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name LocalAccountTokenFilterPolicy -Value 0
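The four rollback steps above (service, listener, firewall exception, remote UAC) can be checked in one pass. The following PowerShell function is an added example, not part of the original post; the function name Test-WinRMRollback and the wildcard match on the firewall rule display name are assumptions made for illustration.

```powershell
# Added example: audit the four changes that "winrm quickconfig" makes.
# Run in an elevated PowerShell session on the machine being checked.
function Test-WinRMRollback {   # hypothetical name, not a built-in cmdlet
    $findings = [ordered]@{}

    # 1. Service: expect State = Stopped and StartMode = Disabled.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinRM'"
    $findings['ServiceState']     = $svc.State
    $findings['ServiceStartMode'] = $svc.StartMode

    # 2. Listeners: the WSMan: drive is only readable while the service runs,
    #    so a stopped service gives "not enumerable", which is not the same as "none".
    try {
        $listeners = @(Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction Stop)
        $findings['Listeners'] = if ($listeners.Count) { $listeners.Name -join ', ' } else { 'none' }
    } catch {
        $findings['Listeners'] = 'not enumerable (service stopped); stored listeners may remain'
    }

    # 3. Firewall: list every enabled rule whose display name starts with
    #    "Windows Remote Management", together with the profiles it applies to.
    $rules = @(Get-NetFirewallRule -DisplayName 'Windows Remote Management*' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' })
    $findings['EnabledFirewallRules'] = if ($rules.Count) {
        ($rules | ForEach-Object { "$($_.DisplayName) [$($_.Profile)]" }) -join '; '
    } else { 'none' }

    # 4. Remote UAC: the value being absent or 0 means token filtering is in effect.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = (Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
    $findings['LocalAccountTokenFilterPolicy'] = if ($null -eq $val) { 'not set' } else { $val }

    [pscustomobject]$findings
}

Test-WinRMRollback | Format-List
```

A fully reverted machine reports Stopped / Disabled for the service, no enabled firewall rules, and LocalAccountTokenFilterPolicy either not set or 0.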
I hope you found this blog post helpful on how to enable or disable WinRM via the command-line. Please let me know in the comment section if you have any questions.
How to Enable WinRM on Windows Servers & Clients
In the Group Policy Management Editor: expand Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service. On the right-hand side, edit the “Allow automatic configuration of listeners” policy setting.
How do I Enable WinRM on Windows?
From the Start menu, open Control Panel.
Select Administrative Tools.
Select Group Policy Management.
From the menu tree, click Domains > [your domain's name].
Right-click and select Create a GPO in this domain, and Link it here.
Input Enable WinRM.
Is WinRM Enabled by Default Windows 10?
WinRM is enabled by default on all Windows Server operating systems since Windows Server 2012 and above, but disabled on all client operating systems like Windows 10, Windows 8 and Windows 7.
How do I Enable Windows Remote Management Service?
Double-click Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall. Double-click Domain Profile > Windows Firewall: Allow remote administration exception. Select Enabled. Click Apply.
How do I Know if WinRM is Installed?
From CMD, start the WinRM service and load the default WinRM configuration. Verify whether a listener is running, and which ports are used. The default ports are 5985 for HTTP, and 5986 for HTTPS. Enable basic authentication on the WinRM service.
Chapter 10 Configuring Remote Management
Visit each computer and run the winrm quickconfig command. Visit each computer and configure the Local Group Policy to start the Windows Remote Management service automatically. Use Remote Desktop to connect to each computer and run the winrm quickconfig command.
How do I Start Windows Remote Management Service?
Automatically start the WinRM service
Set Startup to “Automatic Delayed Start”, click the “…” next to Service name, then search for Windows Remote Management (WS-Management) and select it. Finally, set Service action to “Start service”. Click OK to save the settings.
How do I Start WinRM from Command Line?
Log into the Windows console.
(Optional) If Windows Vista serves as the remote server: start the “Windows Remote Management” service and set it to start automatically after reboot.
At the command prompt, type WinRM quickconfig and press Enter.
Which Commands will Enable the WinRM Service on a Computer?
The command “winrm quickconfig” is a great way to enable Windows Remote Management if you only have a few computers you need to enable the service on. The command will need to be run locally or remotely via PSEXEC.
What is WinRM Command?
WinRM is a command-line tool that is used for the following tasks: … Remotely communicate and interface with hosts through readily available channels/ports within your network, including workstations, servers and any operating system that supports it.