How to add servers to TrustedHosts list via PowerShell and command Prompt for the WinRM client

The WSMan provider for PowerShell lets you add, change, clear, and delete WS-Management configuration data on local or remote computers. The WSMan provider exposes a PowerShell drive with a directory structure that corresponds to a logical grouping of WS-Management configuration settings. For more on WSMan, see https://docs.microsoft.com/en-us/powershell/module/microsoft.wsman.management/about/about_wsman_provider?view=powershell-7

Windows by default has an empty TrustedHosts list, a list that contains those remote computers (hosts) that you can remotely manage from a client without authentication. In Windows environments using Windows Remote Management (WinRM) can help discover servers using the WinRM protocol. To run PowerShell commands on a device from a remote computer, we have to add the remote machine to the trusted hosts list of the host machine.

When you want to remotely manage a list of computer through WinRM (Windows Remote Management), you have to add computers to the TrustedHosts list. Otherwise, you may most likely encounter errors when communicating between the two sides. Using PowerShell, you can see what the current records are in the TrustedHosts file but also how to add new records depending on your scenario.

– Ensure the computers (servers) are added in the TrustedHosts. Instead of adding an individual host, use the asterisk (a wild-card) to add all subsequent hosts. Note, this is not recommended.

Below are the steps to add a server to the TrustedHosts for WinRM client.

Set-Item WSMan:localhost\client\trustedhosts -value *

To view the result below, use the command as shown below “Get-Item WSMan:localhost\client\TrustedHosts”

Note: You can add individual servers to the TrustHost via the following methods below.

Set-Item WSMan:localhost\client\trustedhosts -value ServerDC 

In this way, you can add multiple servers to the TrustedHosts for WinRM, provide a single, comma-separated, string of computer names.

Set-Item WSMan:\localhost\Client\TrustedHosts -Value 'ServerDC,AnsibleClient'

To make this command run in an unattended mode (silently) without prompting you to acknowledge the security configuration, add the -Force to the command as shown below.

Set-Item WSMan:localhost\client\trustedhosts -value ServerDC -Force

You can also read the trusted host list with PowerShell, run the command below.

Get-Item WSMan:\localhost\Client\TrustedHosts

To add all domain computers to the TrustedHosts list, use the command as follow, Set-Item WSMan:\localhost\Client\TrustedHosts *.yourdomain.com

Set-Item WSMan:\localhost\Client\TrustedHosts *.techdirect.local

Via the Command Prompt: Run the following command below

winrm set winrm/config/client @{TrustedHosts="RemoteComputerName"}

I hope you find these tips useful 😉
– For some troubleshooting tips, see https://www.codetwo.com/kb/troubleshooting-remote-powershell-connections/
– For errors connecting to a remote server failed and WinRM cannot process the request, see https://techdirectarchive.com/2020/03/25/connecting-to-remote-server-failed-and-winrm-cannot-process-the-request-the-following-error-with-error-code-0x8009030e-occurred-while-using-kerberos-authentication-a-specified-logon-session-does-not/
– For Windows Admin Center Error: Failed to create a scheduled task, there is no disconnected command associated with the runspace, see https://techdirectarchive.com/2020/03/26/windows-admin-center-error-failed-to-create-a-scheduled-task-there-is-no-disconnected-command-associated-with-the-runspace/
– Error: Failed to create a scheduled task, cannot perform the operation because the runspace pool is not in the open state, see https://techdirectarchive.com/2020/03/26/error-failed-to-create-a-scheduled-task-cannot-perform-the-operation-because-the-runspace-pool-is-not-in-the-open-state/

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x