Enabling and Configuring WinRM via GPO

Posted on Temitope Odemo By Temitope Odemo No Comments on Enabling and Configuring WinRM via GPO
Banner

In this guide, I will show you how to Enable and Configure WinRM via GPO. Microsoft Windows Remote Management (WinRM) is an implementation of the WS-Management protocol, which is a standard Simple Object Access Protocol (SOAP). Please “Cannot find the computer: Fix the following error occurred while using Kerberos authentication“, and how to fix “An error occurred while attempting to connect to the server: Check if the Virtual Machine Management service is running or you are not authorized to connect to this server“.

This is a firewall protocol that allows communication between hardware and operating systems of different vendors. WinRM is part of the Windows operating system but for you to obtain data from a remote computer, you must configure a WinRM listener.

This is one utility tool that IT Pros who are experts in writing scripts to automate the management of servers and want to obtain data for management applications.

Please, see Configure Windows Admin Center on Windows Server 2019, and Why Software KVMs such as Synergy is replacing Hardware KVMs. Also, see how to Configure WinRM to accept connection from a specific IP Address“.

WinRM vs RDP

WinRMRDP
WinRM is a protocol for remote management.Remote Desktop (RDP) is a protocol for remote desktop access.
WinRM allows for remote execution of management commands.RDP provides a graphical interface for remote desktop access.

Read more about How to enable or disable WinRM via the command-line, WinRM and PSRemoting: How to configure servers for remote access, Determine Windows PowerShell version and see if WinRM is running via Test-WSMan

Steps to Enable and Configure WinRM via GPO

1: Open Group Policy Management on your domain controller by running gpmc.msc

Enabling and Configuring WinRM via GPO-GPM

2. Create a new Group Policy Object and name it. I will give mine “TechDirectGPO”.

Enabling and Configuring WinRM via GPO-Group policy object

3. Enter the New GPO and click OK.

Enabling and Configuring WinRM via GPO-NewGPO

4. Edit the new GPO. Right-click on the GPO and click on Edit.

GPO Edit

5. Click Computer Configuration and navigate to Policies > Administrative Templates: Policy definitions > Windows Components > Windows Remote Management (WinRM) > WinRM Service.

WinRM Client

6. On the settings panel right click “Allow remote server management through WinRM” and click “Edit” to configure the settings.

WinRM Edit

Enable WinRM

7. After the dialog box opens click “Enabled” and under the IP Options section, specify an IP Address range or put an Asterisk “*” in the IPv4 filter and IPv6 filter text box.

The range of IP’s you input will only be allowed to remotely manage the PC but when you input “*” it means all IP addresses will be allowed to remotely manage the PC. Then click OK.

Enabling and Configuring WinRM via GPO-WinRM

Please see How to determine Tombstone Lifetime in Active Directory, and how to configure a remote Windows Server to Support Ansible.

Automatic Startup

8. Enable the Windows Remote Management (WS-Management) Service to start automatically. Navigate to Computer Configuration >  Preferences > Control Panel Settings > Services. Right-click Services > New > Service.

Services

9. Under the New Service Properties set Startup as Automatic. Enter Service Name as WinRM and select Service Action as Start service. Then click OK.

New Service Properties

Windows Firewall

10. We will now configure the Windows Firewall to Allow the proper ports inbound network traffic to the PC.

Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > InboundRules. Right-click Inbound Rules and select New Rule.

Firewall

11. On the New Inbound Rule wizard box, check the “Predefined” rule option and select “Windows Remote Management” and click Next.

Predefined rules

12. On the Predefined Rules page uncheck the Public profile box. This will allow only the WinRM access to the Private and Domain networks. Click Next.

Predefined rules

13. Select the “Allow the connection” box and click Finish.

Allow the connection

Windows Remote Management (HTTP-In) Properties

inbound rules

We have successfully finished enabling and configuring WinRM to our Active Directory Domain via GPO. You will need to wait for some period for the GPO to automatically propagate to all devices.

But if you want the GPO to propagate immediately then you can run “gpupdate /force” on a specific workstation.

Please take a look at the YouTube video below demonstrating these steps.

I hope you found this blog post on Enabling and Configuring WinRM via GPO Interesting and helpful. If you have any questions do not hesitate to ask in the comment section.

5/5 - (1 vote)
Windows, Windows Server Tags:, , , , ,

Related Posts

More Related Articles

BitLocker removal on Windows Server How to correctly disable BitLocker on Windows Server Windows Server
FQWD Logoff or Restart or Shutdown Windows PC remotely Windows
jmeterimage Apache JMeter Load Testing: Test Mobile Apps on Windows Configuration Management Tool
find my device banner How to Enable Find My Device on Windows 11 Windows
How to Fix Windows 11 File Explorer lags and freezes issue How to Fix Windows 11 File Explorer Lags and Freezes Issue Windows
Various Msiexec.exe Command Line Switches Various Msiexec.exe Command Line Switches Windows Server

Leave a Reply