Workgroup (standalone) Computer as destination

Destination (remote) computer

Run the following in an elevated PowerShell session:

#Set the network category to Private; by default it is detected as Public
#If any network is categorized as Public, Enable-PSRemoting will fail
#By default, Get-NetConnectionProfile returns Public
Set-NetConnectionProfile -NetworkCategory Private

#Enable and start WS-Management
#Force switch is used to skip subsequent prompts
Enable-PSRemoting -SkipNetworkProfileCheck -Force

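#Add an inbound firewall rule for PSRemoting
$FirewallParam = @{
    DisplayName = 'Windows Remote Management (HTTP-In)'
    Direction = 'Inbound'
    LocalPort = 5985
    Protocol = 'TCP'
    Action = 'Allow'
    Program = 'System'
    #This rule applies while a network is categorized as Public;
    #use 'Private' to match the category set above
    Profile = 'Public'
}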
New-NetFirewallRule @FirewallParam

#Enable WinRM to start listening
winrm quickconfig -force

On the remote computer, enable an inbound firewall rule that allows ports 5985-5986.

Source (local) computer

Run the following in an elevated PowerShell session to add the destination as a trusted host.

# Enable WSMan
Enable-PSRemoting -Force

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force

You can replace the wildcard with the remote computer's IP address, which limits the trusted destinations to that computer.

To check that the configuration has been applied, run the following command in PowerShell (elevation is not required):

Get-Item WSMan:\localhost\Client\TrustedHosts

Domain Joined computer as destination

Destination (remote) computer

PowerShell

Run the following in an elevated PowerShell session:

#Enable and start WS-Management
#Force switch is used to skip subsequent prompts
Enable-PSRemoting -Force

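#Add an inbound firewall rule for PSRemoting
$FirewallParam = @{
    DisplayName = 'Windows Remote Management (HTTP-In)'
    Direction = 'Inbound'
    LocalPort = 5985
    Protocol = 'TCP'
    Action = 'Allow'
    Program = 'System'
    #This rule applies while a network is categorized as Public;
    #use 'Domain' or 'Private' to limit it to trusted networks
    Profile = 'Public'
}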
New-NetFirewallRule @FirewallParam

Please use PSRemoting only on a trusted network.

Group Policy

The following section uses the Group Policy Management Console. Create a new Group Policy Object or use an existing one, whichever suits you.

Enabling WinRM Service

In the section Computer Configuration > Windows Settings > Security Settings > System Services, select Windows Remote Management (WS-Management).

Change the setting to Automatic.

Opening Windows Firewall Port

In the section Computer Configuration > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security, create a new inbound rule.

From the predefined rules, choose Windows Remote Management. Enable it only for the Domain/Private network profiles, and allow the connection.

WinRM Listener

In the section Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service, enable the setting Allow remote service management through WinRM.

You can enter a wildcard for the IPv4 and IPv6 filters, or restrict them to your source IP address range (e.g. 192.168.12.2-192.168.12.199).

Connecting to remote computer

Now we are finally ready to manage the machine remotely via PowerShell Remoting.

Enter-PSSession -ComputerName 10.0.0.2 -Credential (Get-Credential)
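
To review what the steps above left in place on either computer, the following added example (not part of the original page; the function names are hypothetical) lists the network categories, the enabled inbound firewall rules covering ports 5985-5986, the WinRM listeners and the TrustedHosts value. It flags a wildcard TrustedHosts entry and any WinRM rule open on the Public profile, and it changes nothing.

```powershell
# Added example: read-only review of the WinRM settings this page configures.
# Run in an elevated PowerShell session; the function names are hypothetical.
function Test-PortMatch([string[]]$LocalPort, [int[]]$Port) {
    # LocalPort entries look like '5985', '5985-5986' or 'Any'
    foreach ($entry in $LocalPort) {
        if ($entry -match '^(\d+)(?:-(\d+))?$') {
            $low  = [int]$Matches[1]
            $high = if ($Matches[2]) { [int]$Matches[2] } else { $low }
            if ($Port | Where-Object { $_ -ge $low -and $_ -le $high }) { return $true }
        }
    }
    return $false
}

function Get-PSRemotingReview {
    param([int[]]$Port = @(5985, 5986))   # WinRM ports named on this page
    $findings = @()
    $networks = Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
    if ($networks.NetworkCategory -contains 'Public') {
        $findings += 'At least one network is categorized as Public.'
    }

    # Enabled inbound allow rules that cover a WinRM port, with profile and scope
    $rules = foreach ($filter in Get-NetFirewallPortFilter -Protocol TCP) {
        if (-not (Test-PortMatch $filter.LocalPort $Port)) { continue }
        $filter | Get-NetFirewallRule |
            Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' } |
            Select-Object DisplayName, Profile,
                @{ n = 'LocalPort';     e = { $filter.LocalPort -join ',' } },
                @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',' } }
    }
    foreach ($rule in $rules | Where-Object { "$($_.Profile)" -match 'Public|Any' }) {
        $findings += "Rule '$($rule.DisplayName)' allows WinRM on the Public profile from $($rule.RemoteAddress)."
    }
    # The WSMan: drive and the listener query need the WinRM service to be running
    $listeners = $null; $trustedHosts = $null
    if ((Get-Service -Name WinRM).Status -eq 'Running') {
        $listeners = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
            Select-Object Transport, Port, Address, Enabled
        $trustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
        if ($trustedHosts -eq '*') {
            $findings += "TrustedHosts is '*': this client accepts any destination without verifying its identity."
        }
    }
    [pscustomobject]@{
        Networks = $networks; FirewallRules = $rules; Listeners = $listeners
        TrustedHosts = $trustedHosts; Findings = $findings
    }
}
```

Call `Get-PSRemotingReview` and inspect its `Findings` property. The firewall query reads the local rule store; rules delivered by Group Policy appear only when the firewall cmdlets are run with `-PolicyStore ActiveStore`.
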
Last modified: 16 December 2022