Enable Powershell Remoting in Workgroup Servers

Introduction

Hi Friends !!! Hope you all are doing well.

Today we will see how to enable powershell remoting in workgroup servers.

You may know how to enable it in a domain environment but in a workgroup environment it’s a bit different.

So let’s start…

High level steps would be:

  • Run Enable-PSRemoting on the destination machine
  • Start the WinRM service on the source machine
  • Run Set-Item WSMan:\localhost\Client\TrustedHosts -Value <hostname> in source machine 
  • Do the firewall change in the destination server
  • Add the subnet/IP in the WinRM (inbound) public profile firewall rule (Optional – if you are accessing from the public network)

How to Configure ?

Enable PS Remoting

When not enabled you will see something like the below error.

Login to target/destination server, open Powershell in admin mode and run following command

Enable-PSRemoting

Note: use parameter -Force if required.

This will start the WinRM service and set its startup to automatic

  •         It will create an HTTP listener

             You can verify this by running winrm enumerate winrm e winrm/config/listener

  •         It will enable the Windows Remote Management firewall rules
  •         It will create and configure the LocalAccountTokenFilterPolicy registry key
  •         It will reset the permissions on the four sessions hosts

             You can verify this by running Get-PSSessionConfiguration

winrm e winrm/config/listener

Get-PSSessionConfiguration

Start the WinRM service on the Source machine

Now login to your source machine from where you will initiate the PS remoting session.

Start the winRM service using below powershell command, if not running

 Start-Service WinRM

Should be in running state.

Add the destination server name OR IP in TrustedHost list

Now add the hostname or IP in source machin’s TrustedHost list

Set-Item WSMan:\localhost\Client\TrustedHosts -Value 54.89.179.36

Check if the IP added in TrsutedHost list

(Get-Item WSMan:\localhost\Client\TrustedHosts).value

Now allow the source IP in Firewall

Open Advanced firewall setting, go to Inbound Rule Section.

Find the following public profile WinRM rule

Now in the Scope tab, add the source IP, IP Subnet or IP range of the source. In test environment you can set it to Any IP Address ( not recommended in secure environments )

Here I have set “Any IP address” for testing purpose ONLY

Test PS Remoting

Now all set to test the connection now.

First let’s test the Telnet result.

Now let’s initiate the Powershell remote session from Source machine

And its work and session is established.

Bonus

Just in case you are testing in AWS EC2 environment you need to perform an additional step to allow WINRM traffic to instance.

Check the Security Group attached to the instance and add the following inbound rule.

Note: This is a test environment hence allowed all in the Source section.

That’s it for today !! Thanks for reading, please share if you liked it.