Quick Steps to Enable PowerShell Remoting

System Administrators coming from the Linux world are accustomed to using SSH and bash scripts to manage remote machines. The same concept can be used for managing Windows machines through PowerShell by enabling the remoting feature.

Plenty of articles already explain each command and how remoting in PowerShell works. This article therefore provides only the steps needed to enable PowerShell remoting quickly.

It is important to ensure proper security is in place at all times. Enabling remote scripting without adequate security measures will expose your machine to malicious attacks and security threats.

Enabling PowerShell Remoting

Enabling the remote feature of PowerShell requires that both the target and source machines be configured.

It is important to keep in mind that enabling PowerShell Remoting on the target machines is not enough for the two systems to communicate.

Enabling PowerShell Remoting on Target machines

  1. # Enable the PSRemoting on all interfaces even the Public Network Interfaces
  2. Enable-PSRemoting -Force -SkipNetworkProfileCheck -Verbose
  3. # Allow only remote access from specific computers
  4. Set-Item WSMan:\localhost\Client\TrustedHosts -Value '[List of IPs or Computer Names from where commands originate]'
  5. # If the remote commands are sent from computers not on the same workgroup, open the WinRM Public interface in the firewall
  6. Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC" -RemoteAddress Any
  7. # Configure the machine to accept remote commands
  8. Set-WSManQuickConfig
  9. # Restart the WinRM service
  10. Restart-Service WinRM

Line 4 in the above script is the most important line. PowerShell Remoting is closed to all machines by default: even after Enable-PSRemoting has been executed, no other machine can send remote commands. Providing a comma-separated list of IPs and computer names to the Trusted Hosts will allow the specified machines to send remote commands.

Note: It is possible to allow all machines to send remote commands by setting the value in line 4 to '*'. However, this should only be used for testing purposes.

Enabling PowerShell Remoting on Source machines

  1. # Enable the PSRemoting on all interfaces even the Public Network Interfaces
  2. Enable-PSRemoting -Force -SkipNetworkProfileCheck -Verbose
  3. # Allow only remote access from specific computers
  4. Set-Item WSMan:\localhost\Client\TrustedHosts -Value '[List of IPs or Computer Names to where commands will be sent]'
  5. # Restart the WinRM service
  6. Restart-Service WinRM

Similar to the target machines, the source machines require a list of Trusted Hosts to which they can send commands.
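
To check the result of the steps above on either machine, the following added example (not part of the original article) reads back the TrustedHosts list and the remote-address scope of the public WinRM firewall rule, and flags the two broad values, '*' and Any. The function name Get-RemotingExposure is hypothetical; the cmdlets and the rule name are the ones used in the scripts above or ship with Windows.

```powershell
# Added example, not from the original article. Run elevated on the configured machine.
# Get-RemotingExposure is a hypothetical helper name.
function Get-RemotingExposure {
    [CmdletBinding()]
    param(
        # Rule name as used in line 6 of the target-machine script
        [string]$RuleName = 'WINRM-HTTP-In-TCP-PUBLIC'
    )

    $findings = @()
    $scope = $null

    # TrustedHosts is stored as a single comma-separated string
    $raw = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
    $entries = @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries -contains '*') {
        $findings += "TrustedHosts contains '*' (testing-only value)"
    }

    # Remote-address scope of the public WinRM firewall rule
    $rule = Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue
    if ($rule) {
        $scope = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        if ($rule.Enabled -eq 'True' -and $scope -contains 'Any') {
            $findings += "$RuleName is enabled with RemoteAddress Any"
        }
    } else {
        $findings += "Firewall rule $RuleName not found"
    }

    # One object summarising the current state and anything worth tightening
    [pscustomobject]@{
        WinRMStatus   = (Get-Service -Name WinRM).Status
        TrustedHosts  = $entries
        FirewallScope = $scope
        Findings      = $findings
    }
}

Get-RemotingExposure | Format-List
```

An empty Findings list means neither of the two broad values is in place; any entry in it names the setting to narrow before the machine leaves a test environment.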
