Enable PowerShell Remoting using Group Policy

PowerShell Remoting is a very powerful tool for each administrator, as it enables remote management of Windows Servers and Clients through PowerShell.

On Windows Server 2016 and Windows Server 2012 R2, PowerShell Remoting is enabled by default. However, in previous versions as well as in client versions of Windows, you will need to enable it by yourself. Since it is not wise to log on to each server and use the Enable-PSRemoting cmdlet interactively, we will use Group Policy to do it for us.

Since there is no specific policy to enable PowerShell Remoting, we will need to configure each parameter required to work properly. This means that we will create HTTP(S) Listeners, configure automatic start of the WinRM service and the set the appropriate rules in the Windows Firewall.

Enable PowerShell Remoting using Group Policy

First, open the Group Policy Management Console window and create a new Group Policy Object. You do not need to apply it to an OU yet, it would be better to test it before dropping it into production servers.

Configure WinRM Listeners

Follow the path: Computer Configuration \ Administrative Templates \ Windows Components \ Windows Remote Management (WinRM) \ WinRM Service

Here, open Allow remote server management via WinRM and set the switch to Enabled. In the filter field, use the wildcard (*) to specify all IP addresses or use a specific IP address range for greater security and server lockdown.

Enable PowerShell Remoting using Group Policy

Set the WinRM service to start automatically

WinRM service runs automatically, by default, in the latest versions of Windows Server. However, this is not the case with Windows client computers. So, you can start the service through Group Policy. Let me point out that Group Policy will start the WinRM service on the next computer restart as it can not be done dynamically at any given time.

Follow the path: Computer Configuration \ Windows Settings \ Security Settings \ System Services

Here, double-click Windows Remote Management (WS-Management) to see its properties and set the start-up mode to Automatic, as shown in the figure below.

Enable PowerShell Remoting using Group Policy

Configure Windows Firewall

Follow the path: Computer Configuration \ Policies \ Windows Settings \ Security Settings \ Windows Firewall with Advanced Security

Here, right-click on Inbound Rules and then in New Rule. In the window that appears, enable the Predefined type and select Windows Remote Management.

Enable PowerShell Remoting using Group Policy

Choose whether to allow access to Domain / Private networks and/or Public networks.

Enable PowerShell Remoting using Group Policy

Finally, leave Allow the connection enabled and click Finish to create the new rules in the Windows Firewall.

Enable PowerShell Remoting using Group Policy

That’s it!

About Dimitris Tonias 95 Articles

My name is Dimitris Tonias, IT Pro, G(r)eek, focused on Server, Virtualization, and Cloud technologies.

Be the first to comment

Leave a Reply

Your email address will not be published.


*