Before remoting can be used, it must be enabled. In a domain environment, remoting can be enabled using a group policy:
- Policy name: Allow remote server management through WinRM
- Path: Computer configuration Administrative Templates Windows Components Windows Remote Management (WinRM) WinRM Service
If remoting is enabled using a group policy, a firewall rule should be created to allow access to the service:
- Policy name: Define inbound port exceptions
- Path: Computer Configuration Administrative Templates Network Network Connections Windows Firewall Domain Profile
- Port exception example: 5985:TCP:*:enabled:WSMan
Windows remoting can be enabled on a per-machine basis using the Enable-PSRemoting command.
Remoting may be disabled in PowerShell using Disable-PSRemoting. Disabling remoting will show the following warning:
PS> Disable-PSRemoting
WARNING: Disabling the session configurations does not undo all the changes made by the Enable-PSRemoting or Enable-PSSessionConfiguration cmdlet. You might have to manually undo the changes by following these steps:
1. Stop and disable the WinRM service.
2. Delete the listener that accepts requests on any IP address.
3. Disable the firewall exceptions for WS-Management communications.
4.Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to members of the Administrators group on the computer.