Hi Friends !!! Hope you all are doing well.
Today we will see how to enable powershell remoting in workgroup servers.
You may know how to enable it in a domain environment but in a workgroup environment it’s a bit different.
So let’s start…
High level steps would be:
- Run Enable-PSRemoting on the destination machine
- Start the WinRM service on the source machine
- Run Set-Item WSMan:\localhost\Client\TrustedHosts -Value <hostname> in source machine
- Do the firewall change in the destination server
- Add the subnet/IP in the WinRM (inbound) public profile firewall rule (Optional – if you are accessing from the public network)
How to Configure ?
Enable PS Remoting
When not enabled you will see something like the below error.
Login to target/destination server, open Powershell in admin mode and run following command
Note: use parameter -Force if required.
This will start the WinRM service and set its startup to automatic
- It will create an HTTP listener
You can verify this by running winrm enumerate winrm e winrm/config/listener
- It will enable the Windows Remote Management firewall rules
- It will create and configure the LocalAccountTokenFilterPolicy registry key
- It will reset the permissions on the four sessions hosts
You can verify this by running Get-PSSessionConfiguration
winrm e winrm/config/listener
Start the WinRM service on the Source machine
Now login to your source machine from where you will initiate the PS remoting session.
Start the winRM service using below powershell command, if not running
Should be in running state.
Add the destination server name OR IP in TrustedHost list
Now add the hostname or IP in source machin’s TrustedHost list
Set-Item WSMan:\localhost\Client\TrustedHosts -Value 22.214.171.124
Check if the IP added in TrsutedHost list
Now allow the source IP in Firewall
Open Advanced firewall setting, go to Inbound Rule Section.
Find the following public profile WinRM rule
Now in the Scope tab, add the source IP, IP Subnet or IP range of the source. In test environment you can set it to Any IP Address ( not recommended in secure environments )
Here I have set “Any IP address” for testing purpose ONLY
Test PS Remoting
Now all set to test the connection now.
First let’s test the Telnet result.
Now let’s initiate the Powershell remote session from Source machine
And its work and session is established.
Just in case you are testing in AWS EC2 environment you need to perform an additional step to allow WINRM traffic to instance.
Check the Security Group attached to the instance and add the following inbound rule.
Note: This is a test environment hence allowed all in the Source section.
That’s it for today !! Thanks for reading, please share if you liked it.