PowerShell

Group Policies: Enabling WinRM for Windows Client Operating Systems (Windows 10, Windows 8, Windows 7)

Windows Remote Management is a powerful feature to administer your Windows systems remotely. WinRM is enabled by default on all Windows Server operating systems (since Windows Server 2012 and above), but disabled on all client operating systems like Windows 10, Windows 8 and Windows 7. In this blog post I will show you how to enable WinRM on your client computers by using Group Policies.

Introduction

If you want to perform some magic stuff like restarting all client computers, enabling Remote Desktop remotely, query logged on users or simply connecting to your client computers with PowerShell then you have to enable WinRM on your clients.

At this point I would like to mention that my Active Directory Services Tool only works flawlessly with WinRM enabled clients. More about this tool here: Active Directory Domain Services Section (Version 1.1)

Unlike Windows Server operating systems, Windows client operating systems are missing the following settings:

  • No WinRM listener configured
  • No Firewall exception configuredwf.PNG
  • The WinRM service is disabledUnbenannt.PNG

Let’s change this. We have to configure three settings for our client computers.

Creating the GPO

On a domain controller of your domain open gpmc.msc and create a new GPO (Group Policy Object).

1.PNG

Enter a name for your new GPO and hit OK.

Unbenannt.PNG

Configuring the Settings for WinRM

Next, right-click on your newly created GPO and select Edit.

Unbenannt.PNG

Creating the Firewall Exception

Navigate to

Computer Configuration – Windows Settings – Security Settings – Windows Firewall with Advanced Security – Inbound Rules.

Right click on Inbound Rules and select New Rule

Unbenannt.PNG

Select Predefined and choose Windows Remote Management from the drop down menu.

1.PNG

Next, uncheck the predefined rule for the public networks.

2.PNG

Make sure Allow the connection is selected. Click Finish.

3.PNG

Check the settings.

4.PNG

We’re done with the first part. Let’s move on configuring the WinRM service.

Configuring the WinRM Service

Right click on your GPO and select Edit again.

Navigate to

Computer Configuration – Preferences – Control Panel Settings – Services

Right click on Services and choose New – Service. You have to configure Startup, Service name and Service action as below:

Unbenannt.PNG

Click OK. We’re done here. Next we will configure the WinRM listener.

Configuring the WinRM Listener

Edit your newly created GPO for the last time. Navigate to

Computer Configuration – Policies – Administrative Templates – Windows Components – Windows Remote Management (WinRM) – WinRM Service

Open Allow remote server management through WinRM. Click on Enabled.

Now enter the values for the IPv4 and IPv6 filters. Let’s stop here for a short explanation. If you enter * then all computers in your domain are permitted to establish a connection via WinRM. If you want to restrict access to a single computer then I recommend to provide the IP address of that remote host(s).

Unbenannt.PNG

Click OK.

Link the GPO to the OU of your Client Computers

In my case all client computers are in the OU Workstations. So I click on the GPO and link it by drag & drop to the OU Workstations.

Unbenannt.PNG

Next, I run gpupdate on all client computers by right-clicking the OU and running Group Policy Update.

Unbenannt.PNG

Unbenannt.PNG

Testing the Settings

You should now be able to connect to your client computers with PowerShell.

Unbenannt.PNG

There’s also a useful cmdlet to test if everything is working out fine. It’s called Test-WSMan and it should show you something like this:


Test-WSMan -ComputerName client01

Unbenannt.PNG

You should now also be able to use my Active Directory Domain Services Tool to perform some awesome actions, for example gathering information about the logged on users.

Unbenannt.PNG

Download the tool here: Active Directory Domain Services Section (Version 1.1)

11 replies »

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.