How to enable WinRM with GPO


If you want to control a computer over the network, for example with PowerShell, the WinRM service must be enabled and WinRM must be allowed through the Windows Firewall.
So I'll go through how to do that now.
You can enable WinRM with GPOs. For the GPO to take effect, it must be linked to the OU where your computer objects are stored, or to a level above it.

First we need to open Group Policy Management and create the GPO

  1. From the start menu, open Control Panel.
  2. Select Administrative Tools.
  3. Select Group Policy Management.
  4. From the menu tree, click Domains > (Your domain).
  5. Right-click and select Create a GPO in this domain, and Link it here...
  6. Name it, for example, "Enable WinRM"

Now we need to allow WinRM

  1. Right click on "Enable WinRM" and select Edit
  2. Navigate to Computer Configuration > Policies > Administrative Templates: Policy definitions > Windows Components > Windows Remote Management (WinRM) > WinRM Service
  3. Right click on "Allow remote server management through WinRM" and click on Edit.
  4. Now mark it as Enabled, and in every field type *
  5. Click Apply and then OK

Now we need to enable the WinRM service

Make sure that you are still editing our GPO "Enable WinRM"

  1. Navigate to Computer Configuration > Preferences > Control Panel Settings > Services
  2. Right click in the service window (white window to the right) and click New > Service
  3. Change Startup to Automatic
  4. Enter WinRM as the Service name
  5. Change Service action to Start service
  6. Click Apply then OK

Now it's time to set up the firewall rules

Make sure that you are still editing our GPO "Enable WinRM"

  1. Now we need to enable Windows Firewall: Allow inbound remote administration exception

  2. Navigate to Computer Configuration > Policies > Administrative Templates: Policy definitions > Network > Network Connections > Windows Defender Firewall > Domain Profile

  3. Right click on Windows Firewall: Allow inbound remote administration exception and click Edit

  4. Mark it as Enabled, and in every field type *

  5. Click Apply and then OK

  6. Now we are going to add some firewall rules

  7. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules

  8. Right click in the white window to the right and click on New rule

  9. Select Predefined

  10. In the dropdown list select Windows Remote Management

  11. Make sure that both Windows Remote Management rules are checked. For the most secure option, uncheck the one that says Public. Click Next

  12. Make sure it's set to "Allow the connection" and then click Finish

Almost done

We have now done almost everything. We just need to make sure that the computers get the new GPO, which we can do in two ways.

  1. Restart the computer
  2. Open PowerShell or CMD as Administrator and write gpupdate /force and then press enter
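
To confirm on a client that the three parts of this GPO (policy, service, firewall rules) actually applied, a check like the following can be run in an elevated PowerShell session. It is an added example, not part of the original guide: the function name Test-WinRMGpoResult is hypothetical, and it assumes the WinRM policy is stored under the standard HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service key and that the rules belong to the predefined "Windows Remote Management" group.

```powershell
# Added example: run elevated on a client after gpupdate /force or a restart.
function Test-WinRMGpoResult {
    # Standard registry location of "Allow remote server management through WinRM".
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
    $policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $service   = Get-Service -Name WinRM

    # ActiveStore is the effective rule set, including rules delivered by GPO.
    $rules = @(Get-NetFirewallRule -PolicyStore ActiveStore `
            -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' })

    # A rule is reachable on public networks if its profile is Any or includes Public.
    $publicRules = @($rules | Where-Object { "$($_.Profile)" -match 'Any|Public' })

    [pscustomobject]@{
        ServiceRunning   = $service.Status -eq 'Running'
        ServiceAutomatic = $service.StartType -eq 'Automatic'
        PolicyApplied    = $policy.AllowAutoConfig -eq 1
        IPv4Filter       = $policy.IPv4Filter
        IPv6Filter       = $policy.IPv6Filter
        # "*" in a filter means WinRM listens on every address of that family.
        WildcardFilter   = ($policy.IPv4Filter -eq '*') -or ($policy.IPv6Filter -eq '*')
        # Test-WSMan without arguments queries the local WinRM listener.
        ListenerAnswers  = [bool](Test-WSMan -ErrorAction SilentlyContinue)
        InboundRules     = $rules.DisplayName
        PublicProfile    = $publicRules.DisplayName
    }
}

$result = Test-WinRMGpoResult
$result | Format-List
if ($result.PublicProfile) {
    Write-Warning "WinRM is allowed on the Public profile: $($result.PublicProfile -join ', ')"
}
if ($result.WildcardFilter) {
    Write-Warning 'WinRM filter is *, so the service listens on all addresses.'
}
```

If PolicyApplied is False, run gpresult /r on the client to see whether the "Enable WinRM" GPO is listed under the applied computer policies.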