Enable PSRemoting with Group Policy

Overview

In this tutorial you are going to learn how you can enable PowerShell remoting (PS remoting) on your domain computers with Group Policy.

Quick / manual solution

If you only need to enable PSRemoting on a few servers, you can quickly do so by running the following PowerShell command:

Enable-PSRemoting

Group Policy Method

A more efficient way is to create a Group Policy Object (GPO) that enables PSRemoting. This is the method that we will use. Log in to your Domain Controller, open Group Policy Management, and create a new GPO at the root of your domain (or wherever your target computers are located).

Open that GPO and navigate to the following setting:

Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service > Allow remote server management through WinRM

Right-click and choose Edit. Enter the IP address of your primary domain controller (or wherever you want to push your DSC configurations from):

Next let’s enable the firewall. Navigate to:

Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules

Right-click and select New Rule...

Select Predefined Windows Remote Management:

Click Next until you get to the Predefined Rules page, then deselect the public rule:

Click Next until you finish the wizard. Now let’s make these rules a little more secure. Right now they allow a connection from any IP address on the domain and private profiles. Let’s restrict the connection to our Domain Controller and remove the private profile altogether.

Right-click the rule and select Properties:

Under the scope, remove any settings and click Add to add the IP address of our Domain Controller where we will be initiating the DSC pushes (and PSRemoting) from:

Next go to the Advanced tab and unselect all profiles except Domain:

Click Apply and OK.

Next, go to Computer Configuration > Policies > Windows Settings > Security Settings > System Services > Windows Remote Management (WS-Management)

Right-click and select Properties. Select Define this policy setting and Automatic:

Click Apply, then OK. Now we are done configuring our GPO. Next, either wait for your workstations to refresh their Group Policy, or log in to each one manually and run "gpupdate /force".

Once you have done this, you will be able to run PowerShell remoting commands (and DSC pushes) from your Domain Controller server (remember, we configured 192.168.1.10 in the GPO).

We can test the connection from our domain controller with the following commands:

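# Name of the remote computer to test
$TargetServer = "MDWS01"
# Check that the WinRM HTTP port is reachable through the firewall
Test-NetConnection -Port 5985 -ComputerName $TargetServer
# Check that the WinRM service answers
Test-WSMan -ComputerName $TargetServer
# Open an interactive remote session, then run a command inside it
Enter-PSSession -ComputerName $TargetServer
hostname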

I can see all of the commands complete successfully, and I am able to execute PowerShell commands on the remote computer. Be sure to exit the PowerShell remote session.
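One way to confirm on a target computer that the GPO settings above actually took effect, as an added example that is not part of the original tutorial. It assumes English firewall rule names and the 192.168.1.10 management address mentioned above; Test-WinRMGpoHardening is a hypothetical helper name.

```powershell
# Added example: run in an elevated session on a target computer after gpupdate.
# Assumptions: English rule names; 192.168.1.10 is the management host from the tutorial.
function Test-WinRMGpoHardening {   # hypothetical helper name
    param([string]$AllowedSource = '192.168.1.10')
    $findings = [System.Collections.Generic.List[string]]::new()

    # System Services policy: WinRM should start automatically and be running.
    $svc = Get-Service -Name WinRM
    if ($svc.StartType -ne 'Automatic') { $findings.Add("WinRM StartType is $($svc.StartType)") }
    if ($svc.Status -ne 'Running') { $findings.Add("WinRM service is $($svc.Status)") }

    # "Allow remote server management through WinRM" stores its values under this policy key.
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service' -ErrorAction SilentlyContinue
    if (-not $pol -or $pol.AllowAutoConfig -ne 1) { $findings.Add('WinRM listener policy not applied') }

    # The policy's IPv4 filter selects which of this computer's own addresses the listener
    # binds to, so confirm that a listener exists and is bound to at least one address.
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate -ErrorAction SilentlyContinue)
    foreach ($l in $listeners) {
        $bound = @($l.ListeningOn | Where-Object { $_ -is [string] })
        if ($bound.Count -eq 0) { $findings.Add("Listener on port $($l.Port) is bound to no address (IPv4Filter '$($pol.IPv4Filter)')") }
    }
    if ($listeners.Count -eq 0) { $findings.Add('No WinRM listener is configured') }

    # Effective inbound allow rules for WinRM, whether delivered by the GPO or created locally.
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }
    if (-not $rules) { $findings.Add('No enabled inbound WinRM firewall rule found') }
    foreach ($rule in $rules) {
        $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        if ("$($rule.Profile)" -ne 'Domain') {
            $findings.Add("Rule '$($rule.DisplayName)' applies to profile(s): $($rule.Profile)")
        }
        if ($remote.Count -ne 1 -or $remote[0] -ne $AllowedSource) {
            $findings.Add("Rule '$($rule.DisplayName)' allows remote address(es): $($remote -join ', ')")
        }
    }
    return $findings
}

$result = Test-WinRMGpoHardening
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'WinRM settings match the GPO described above.' }
```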
