Configuring WinRM on windows hosts

WinRM is required by some monitoring plug-ins.

This guide will help you to install and configure WinRM for remote access.

 

Install WinRM

Verify that WinRM is installed and configured for remote access

  1. Open a Powershell session from a remote machine
  2. Enter: Enter-PSSession -ComputerName <target machine>: refer to the return message

Verify that WinRM is installed and configured on the target machine

  1. Connect to the machine
  2. Open a Powershell session
  3. Enter: Get-Service WinRM

If WinRM is installed and running, the response will be similar to this:

If this is not the case, you may need to install Windows Management Framework 4.0 package.

Configure WinRM for remote access

  1. Connect to the machine
  2. Open a Powershell session
  3. Enter : Enable-PSRemoting
  4. Enter’T’
  5. To allow a single host : Set-Item WSMan:\localhost\Client\TrustedHosts <host name or IP address>
  6. To allow all hosts : Set-Item WSMan:\localhost\Client\TrustedHosts *
  7. Execute on the command linewinrm quickconfig puis winrm set winrm/config/service/auth ‘@{Basic=”true”}’
  8. Execute on the command linewinrm set winrm/config/service ‘@{AllowUnencrypted=”true”}’
  9. RestartWinRM : Restart-Service winrm
  10. To check the WinRM configuration : winrm get winrm/config 

Ressources : https://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/

 

 WinRM user rights

In order to connect remotely, it is necessary to be part of the Administrators group (or Remote Management Users for Windows 2012 and above) either by being directly connected with the correct account (for example via a domain administrator user) or by using authenticating as an administrator via the Credential parameter.

On Windows 2012 and later, it is necessary to add a registry key on the remote computer so that the Administrators and Remote Management Users groups have the right to connect via Remote Powershell:

On the host : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

You must add the key DWord : LocalAccountTokenFilterPolicy with the value 1.

Source : https://blog.piservices.fr/post/2013/10/30/Powershell-Gestion-a-distance

 

In order to connect via WinRM to the target machine, the user must be part of the “Local Administrator” group of the target machine..

Reference: https://msdn.microsoft.com/en-us/library/windows/desktop/aa384295%28v=vs.85%29.aspx

 

 

UK ServiceNav Product Development Manager; my priority is to be needful of the particular requirements of all ‘English-speaking’ markets where ServiceNav is sold. I have over 20 years experience of the IT monitoring field - covering a wide variety of products and technologies.