In this section, we will configure WinRM to use HTTPS for an added measure of security. This ensures that if we need to pass sensitive information over a WinRM session, it cannot be read in clear text. Consult Microsoft KB article 2019527 (found at http://support.microsoft.com/kb/2019527) for information on how to obtain the SSL certificate required to enable WinRM HTTPS connections.

The following steps describe how to enable WinRM in Windows in the event that it has not been previously enabled:

1. Log in to the Horizon connection server that you will use for your remote sessions.
2. Enable and start the Windows Remote Management (WS-Management) service. This service should be set to start automatically.
3. From an elevated Windows Command Prompt on the server, execute the following command in order to enable inbound WinRM requests over HTTPS:

    winrm quickconfig -transport:https

4. When prompted, answer y to approve the operation, and verify that the operation succeeded, as shown in the following screenshot:

5. If the Windows firewall is enabled on the Horizon connection server, create a firewall rule that allows TCP port 5986 inbound. This is the port that is used when connecting to WinRM over SSL. If you wish to block WinRM over HTTP to ensure that only HTTPS can be used, then block TCP port 5985 inbound using an additional firewall rule.

WinRM should now be configured, and will be available to any users with local administrative access to the server.