How to Enable PSRemoting (Locally and Remotely)

choubertsprojects

VPN offers!

1. NordVPN

2. Surfshark

3. ExpressVPN

PlayStation remoting is a way for you to use your PS4 remotely on another PC. It comes in handy when playing games with friends and family, or when you want to play while at work. This tutorial will help walk through enabling psremoting locally and remotely.,

The “enable winrm powershell remotely” is a feature that allows users to access the Windows Remote Management service. This can be done locally or remotely.

How to Enable PSRemoting (Locally and Remotely)

Even if PSRemoting is enabled by default on Windows, it is not always activated. This article is for you if you need to check whether PSRemoting is enabled or activate PSRemoting on Windows.

This guide will show you how to enable PSRemoting on both local and remote machines running Windows in a variety of methods.

Let’s get going!

The Ultimate Guide to PowerShell Remoting

Enabling PSRemoting Has a Big Impact

If you’re new to PowerShell Remoting, you may imagine that activating it is as simple as typing one command. Perhaps you’ve seen references to the Enable-PSRemoting PowerShell cmdlet and assumed that when you execute it, something merely flips a little. You’d be mistaken.

When you hear about enabling PSRemoting, you should be aware that several tasks must be completed in the background. PowerShell Remoting has a few requirements since it relies on other systems to function effectively.

When you call the Enable-PSRemoting cmdlet without any arguments on Windows, it accomplishes the following tasks:

  1. The WinRM service has been launched and is scheduled to start automatically.
  2. Creates a listener for HTTP traffic on the default WinRM port 5985.
  3. Allows WS-Management to use firewall exceptions.
  4. The PowerShell session settings are registered with WS-Management.
  5. The PowerShell session settings are enabled.
  6. Allows remote access using PowerShell remote sessions.
  7. To implement all of the modifications, restart the WinRM server.

Aren’t you relieved you don’t have to do everything by hand? Why bring this up when the Enable-PSRemoting cmdlet handles everything? Because there will be occasions when something fails and you must troubleshoot the problem.

PSRemoting on Windows Default Settings

PSRemoting is enabled by default in Windows since its inception, although not globally or for all Windows OS versions.

PSRemoting is always deactivated on all Windows client System Softwares.

PSRemoting is enabled in Windows Server at times but not always, depending on the Network Description Windows is using. Below is a table that will help you identify whether PSRemoting is enabled on your Windows OS.

System SoftwareNetwork DescriptionPSRemoting
Microsoft Microsoft Windows Server 2008 R2Domain/PrivateDisabled
Microsoft Microsoft Windows Server 2008 R2PublicDisabled
Windows Server 2012 & NewerDomain/PrivateEnabled
Windows Server 2012 & NewerPublicWithin the same subnet, enabled

Linux, on the other hand, is straightforward. PSRemoting does not exist! PowerShell isn’t even installed by default. You’ll need to set it up if you wish to use PSRemoting on Linux.

PSRemoting with Windows and Linux: How to Set It Up

Let’s get down to business and teach you how to use PSRemoting!

Prerequisites

Please make sure you have the following items before proceeding with the examples in this section:

  • A Microsoft Microsoft Windows Server 2008 R2 or later machine
  • In the local administrators group, a local or Active Directory domain user.

Locally enabling PSRemoting

The built-in Activate-PSRemoting command is one of the simplest methods to enable PSRemoting. As you learned before, this command provides a shortcut for setting a variety of services to support PowerShell Remoting.

Using the cmdlet Enable-PSRemoting

If you execute this command without any arguments, it will behave differently depending on the operating system you’re using. The essential procedures are the same on any modern Windows OS. The firewall rules are activated, PSRemoting is enabled, and the WinRM HTTP listener is built. The main distinction is how public networks are managed.

The firewall rule for Public networks on a Server OS, such as Windows Server 2019, permits remote connections from other devices on the same network. A client OS, such as Windows 10, will display an error claiming that you are connected to a public network.

If you’re unsure what Network Description Windows is running under, run the following command:

PSRemoting should only be used on a secure network since it is simply a web server that listens for distant connections.

Get-NetConnectionProfileGet-NetConnectionProfile

If you’re OK with running PSRemoting on a Network Description other than Private or Domain, you can skip the Network Description check by using the SkipNetworkProfileCheck parameter. Using this parameter will open up WinRM ports on the Windows firewall.

-SkipNetworkProfileCheck Enable-PSRemoting

Using the SkipNetworkProfileCheck parameter will open up the Windows firewall for PowerShell remoting on your current Network Description but will only allow remote connections from machines on the same subnet.

Enable-PSRemoting and two parameters that might be used with it go hand in hand. The settings are -Force and -Confirm. You may use -Force to bypass all of the questions that would typically appear when executing the Enable-PSRemoting command. You may get the same result by using -Confirm:$false.

Using the command winrm quickconfig

Before the Enable-PSRemoting cmdlet was created, the winrm quickconfig command was a common method to set up PSRemoting, and it still has its place. Simply typing winrm quickconfig will start the WinRM service, setup an HTTP listener, and activate firewall rules. Although Enable-PSRemoting does all of these tasks, it does not prepare the computer to handle remote PowerShell sessions.

Setting up HTTPS listeners is where the winrm commands come in helpful. While you can setup the HTTPS listener and HTTPS firewall rules manually, if you have an acceptable certificate for the HTTPS listener, you can just execute winrm quickconfig -transport:https.

Remotely enabling PSRemoting

So far, you’ve learnt how to activate PSRemoting on a local machine by executing a command. This creates a chicken-and-egg situation. PSRemoting lets you to execute commands on distant computers, but how can you do it without it?

PSexec, WMI, and Group Policy are three options.

Scripting using Psexec

PSExec is a useful tool that, like PSRemoting, enables you to perform remote commands. PSexec, on the other hand, has a unique communication strategy that you may take advantage of!

PSExec: A Comprehensive Guide

You may use PSexec to execute Enable-PSRemoting from your local machine using the command below. The following command runs psexec and connects to the ServerB server. It then launches a PowerShell process and runs Enable-PSRemoting with the -Force option to bypass the typical prompts.

ServerB.psexec.exe -h -s powershell.exe -Force Enable-PSRemoting

This technique is appropriate for one-time situations when you need to activate PSRemoting on a remote system, but it is not ideal for enabling PSRemoting on a large number of systems and does need the download of psexec.

Using WMI

PSexec does not always function. Many security programs disable psexec, but don’t worry, you have WMI as well!

Using PowerShell and the cmdlet Invoke-CimMethod You may tell PowerShell to connect to a remote machine using DCOM and call methods using the Invoke-CimMethod cmdlet.

WMI offers a Win32 Process class that enables you to call processes, which is fortunate for you. Invoke-CimMethod connects to the remote machine by calling a Create method against the Win32 Process and running Enable-PSRemoting, as illustrated below.

In the example below, the server name, credentials, and protocol are supplied in a hash table for the session connection. The arguments for the Invoke-CimMethod are then placed in the following hash table. After running these commands, a CIM session is started through the DCOM protocol, which launches a PowerShell process, which then performs the Enable-PSRemoting command.

@ $SessionArgs ‘ServerB’ is the computer name. Get-Credential + Credential New-CimSessionOption -Protocol Dcom = SessionOption @ $MethodArgs MethodName = ‘Create’ ClassName = ‘Win32 Process’ @SessionArgs Arguments = @ CimSession = New-CimSession “powershell Start-Process powershell -ArgumentList ‘Enable-PSRemoting -Force’” CommandLine = “powershell Start-Process powershell -ArgumentList ‘Enable-PSRemoting @MethodArgs Invoke-CimMethod

The Credential = Get-Credential line may be skipped if you’re doing this in a domain context and the person running the commands has administrator access on the destination server.

Group Policy in Action

The last, and arguably the best option for enabling WinRM across a wide range of computers is through group policy. When Group Policy in Action, you can create a single Group Policy Object and apply that policy across thousands of computers at once.

To utilize Group Policy, all machines must be part of an Active Directory domain.

You’ll need to establish three separate configuration settings to utilize Group Policy to allow WinRM across several PCs at once:

  1. Allow the WinRM service to run.
  2. For WinRm, open the Windows Firewall port.
  3. Allow connections to the WinRM listener by creating it.

To begin, connect to a domain controller through RDP or, better yet, install the RSAT package on a domain-joined workstation. The Group Policy Management Console (GPMC) should now be accessible.

Activate the WinRM Service

To make the WinRM service available on all target machines, follow these steps:

  1. Open up the GPMC and create a GPO. While in the new GPO, navigate to Computer Configuration —> Windows Settings —> Security Settings —> System Services
  2. Windows Remote Administration should be selected (WS-Management).
  3. Check the box for Define this policy setting in the setup panel.
  4. To have the WinRm service start automatically on startup, choose the Automatic radio button.
  5. To confirm the setting, click OK.

Activating the Windows Firewall

Then, on each of the target machines, open the WinRM port. While still modifying the GPO you just created:

  1. Navigate to Computer Configuration —> Windows Settings —> Security Settings —> Windows Defender Firewall with Advanced Security.

2. To create a new incoming rule, click New Inbound Rule.

3. Select Predefined on the first page, then Windows Remote Administration as shown below.

Windows Remote AdministrationWindows Remote Administration

4. On the following page, uncheck the box for the Rule for domain/private networks unless you know you’ll need to enable remote connections from public networks in your environment.

Rule for domain/private networks Rule for domain/private networks

5. Click Finish to establish the rule and leave the default of Allow the connection on the following screen.

Create the WinRM Filter List and Listener

Creating the WinRM listener ad and permitting connections to that WinRM listener is the last configuration item to add to your GPO. This option establishes a WinRM HTTP listener and enables connections from the given IPs or ranges.

While working on the WinRM GPO:

  1. Navigate to Computer Configuration —> Administrative Templates —> Windows Components —> Windows Remote Administration (WinRM) —> WinRM Service.

2. For the Allow remote service administration with WinRM option, choose Enabled.

3. Add an asterisk (*) to both the IPv4 and IPv6 filters in the Allow remote server administration with WinRM option, as shown below.

If you know ahead of time which hosts will be connected to all target computers, you may provide several hosts separated by a comma in each filter list.

WinRM allows remote server administration.WinRM allows remote server administration.

4. Confirm the updated GPO configuration by clicking OK.

The GPO in Action

The GPO should be formed and ready to use at this point. The last step is to deploy this GPO to all of the target machines where WinRM should be enabled. This article will not teach you how to assign a GPO to target PCs.

You should read this article if you don’t know how to assign a GPO to a group of machines in Active Directory.

Steps to Follow

You learnt how to enable PSRemoting in a variety of methods in this lesson. Your environment will determine how you enable PSRemoting, and I trust I’ve addressed your case here.

Now take everything you’ve learned and put it to work in your environment using PSRemoting!

The “enable-psremoting access is denied” error is a common one that many users encounter. This article will show you how to fix the issue.

Related Tags

  • enable-psremoting on remote computer
  • how to check if psremoting is enabled
  • get-psremoting
  • enable-psremoting not working
  • enable-psremoting gpo