GPO - allow remote server management trhough winrm


  • Hello all,

    I am setting up powershell so I can remote into another computer with the invoke command.
    When I set the computer policy "allow remote server management trhough winrm" I can specify a range of IP addresses or a single IP.

    When I set * as range my dc with the ip is able to do the remote commands
    When I set as range I am unable to do the commands...

    I also tried to enter the ip of the user which I am trying to connect to however it doesn't work.

    As soon as I switch it back to * everything works as planned ( also disabled IP v6 on client side to rule that out ).

    In short, if the requests comes from why doesn't it work if I specify the ip and does it work if I enter *?


    Sunday, May 24, 2015 10:58 AM


  • Hi Andre,

    Basiclly,  if you just add “*” in the field as this can potentially allow incoming connection form all network locations. That's why you get it works with the *. But as well, you can specify a specific ip address and remotely connected to it.

    Please be aware that WinRM is enabled by default on Windows Server 2012 to enable the Server Manager tool but it is not enabled for Windows client OS’s by default.As it is turned off by default on client OS’s the following describes how you can enable it using Group Policy.

    >>Firstly,“Allow remote server management through WinRM” policy setting found under Computer > Policies > Windows Components > Windows Remote Management (WinRM) > WinRM Service.

    >>Next enable the “Windows Remote Management (WS-Management)” Service via the Group Policy Preferences Services

    >>And finally open up the firewall rules to allow the incoming TCP connection on the Domain Network profile.

    Go to Computer Configurations > Policies > Security Settings > Windows Firewall and Advanced Security > Windows Firewall and Advanced Security then right click on “Inbound Rules” and click on the “New Rule…” option.

    >>Check the “Predefined” option and select “Windows Remote Management” from the pop-down list and Click “Next”

    >>Then uncheck the top “Public” rule to again reduce the exposure of this services to the internet and then click “Next”

    >> Finish.

    You can check the below links for more details and reference:

    Hope it helps.

    Best Regards,


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact

    Tuesday, May 26, 2015 8:10 AM