locked
WINRM GPO for Powershell Remote Management? RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I have created a GPO that will enable WINRM for Powershell remote management. Everything is working just fine and I am able to remote into all the workstations through Powershell. 

    I have an issue with security though. How can I configure this GPO to ONLY allow a certain computer to be able to remote into other workstations? I don't want just everybody to be able to remote into everybody else computer.  

    The domain controller are server 2019 with a forest and domain level of server 2016. The work stations are all Windows 10.

    I have messed around with these settings changing from "*" to an actual IP address but nothing works. Should I be forcing a firewall change or something?

    Thursday, July 16, 2020 2:25 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hello,
    Thank you for posting here.

    Here is anarticle with detailed steps, we can refer to the steps.

    How to enable PowerShell Remoting via Group Policy
    https://www.techrepublic.com/article/how-to-enable-powershell-remoting-via-group-policy/

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    This "Group Policy" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details. 


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    "Group Policy" forum will be migrating to a new home on Microsoft Q&A!

    We invite you to post new questions in the "Group Policy"  forum's new home on Microsoft Q&A!

    For more information, please refer to the sticky post.
    Friday, July 17, 2020 8:41 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    I have followed many websites with these same instructions, however none of them resolve the issue. The problem is once an IP address is inputted into the field it just doesn't work at all after that. If I use"*" it works but I need to secure it even more by allowing only a certain IP address only. Even though the instruction say it will work, it doesn't.



    • Edited by finsfree11 Friday, July 17, 2020 12:23 PM
    Friday, July 17, 2020 12:22 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    This doesn't work either. How can I only allow one computer be able to remote into all the computers in the domain using Powershell w/WINRM?

    Sunday, July 19, 2020 9:32 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hello,

    Thank you for your update.

    We can check as below:

    1.Enable Windows Remote Management
    Computer Configuration > Policies > Administrative Templates: Policy definitions > Windows Components > Windows Remote Management (WinRM) > WinRM Service.
    Right-click on Allow remote server management through WinRM and click Edit, type the IP address of the certain IP address only=> Apply this to all the computers that we need to connect remotely.

    2.Configure Windows Firewall Settings =>Apply this to all the computers that we need to connect remotely.

    3. Configure Windows Remote Service on this computer of the certain IP address only and all the computers that we need to connect remotely

    4. Run winrm qc on this computer of the certain IP address to see if we receive any message.

    Reference:
    Installation and Configuration for Windows Remote Management
    https://docs.microsoft.com/en-us/windows/win32/winrm/installation-and-configuration-for-windows-remote-management

    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    "Group Policy" forum will be migrating to a new home on Microsoft Q&A!

    We invite you to post new questions in the "Group Policy"  forum's new home on Microsoft Q&A!

    For more information, please refer to the sticky post.
    Monday, July 20, 2020 6:58 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi
    How are things going on your end? Please keep me posted on this issue. 
    If you have any further questions or concerns about this question, please let us know.
    I appreciate your time and efforts.

    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    "Group Policy" forum will be migrating to a new home on Microsoft Q&A!

    We invite you to post new questions in the "Group Policy"  forum's new home on Microsoft Q&A!

    For more information, please refer to the sticky post.


    Wednesday, July 22, 2020 5:20 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.
    Thanks for your time and have a nice day!

    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    "Group Policy" forum will be migrating to a new home on Microsoft Q&A!

    We invite you to post new questions in the "Group Policy"  forum's new home on Microsoft Q&A!

    For more information, please refer to the sticky post.
    Friday, July 24, 2020 5:15 AM