- Open Group Policy Management on your domain controller
- Create a new Group Policy Object and give it a descriptive name, e.g. “Block 64 WinRM Enablement”
- Edit the new GPO
- Expand the Menu tree as follows: Computer Configuration > Policies > Administrative Templates: Policy definitions > Windows Components > Windows Remote Management (WinRM) > WinRM Service. Find the setting that says “Allow remote server management through WinRM” and right-click and click “Edit” to configure the settings.
- When the dialog box opens, click “Enabled”. Under the options section, either specify an IP address range or put an asterisk “*” in the IPv4 and IPv6 filter fields to allow all IP addresses to remotely manage the PC. Then click OK.
- Then we need to enable the Windows Remote Management (WS-Management) service to start automatically. Go to Computer Configuration > Preferences > Control Panel Settings > Services, right-click, select “New” and then select “Service”.
- We'll want to set Startup as Automatic, Service Name as WinRM and Service Action as Start service. Then click OK.
- Lastly we configure the Windows Firewall to allow the proper ports inbound. Go to Computer Configuration > expand Policies > expand Windows Settings > expand Security Settings > expand Windows Firewall with Advanced Security > expand Windows Firewall with Advanced Security > expand Inbound Rules. Right-click the Inbound Rules node and choose New Rule.
- When the New Inbound Rule wizard box opens, click on the “Predefined” radio button and scroll down to “Windows Remote Management” and click Next.
- When the Predefined Rules window opens, uncheck the box that says Public profile. We only allow WinRM access on the Private and Domain networks. Then click Next.
- Then make sure “Allow the connection” is checked and click Finish.
- Congratulations! You have successfully finished the GPO to enable WinRM in your AD network. Now we will wait for the GPO to automatically propagate to all devices. To test immediately you may run `gpupdate /force` on a desired device.
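
To confirm on a client that all three parts of the GPO actually applied (policy setting, service preference, firewall rule), the following script can be run from an elevated PowerShell prompt after `gpupdate /force`. It is an added example, not part of the original walkthrough. It assumes an English-language Windows install (the firewall group is matched by its display name) and that the policy is stored under the `HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service` key; the `Add-Check` helper is a name made up for this example.

```powershell
# Added example: verify the WinRM GPO on a client. Add-Check is a helper defined here.
$results = [System.Collections.Generic.List[object]]::new()
function Add-Check($Name, $Pass, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" })
}

# 1. "Allow remote server management through WinRM" (assumed policy registry location)
$polPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
$pol = Get-ItemProperty -Path $polPath -ErrorAction SilentlyContinue
Add-Check 'Policy enabled' ($pol.AllowAutoConfig -eq 1) "AllowAutoConfig=$($pol.AllowAutoConfig)"
# Report the filters so a wildcard "*" (all addresses) is visible during review
Add-Check 'IP filters configured' ($pol.IPv4Filter -or $pol.IPv6Filter) `
    "IPv4Filter='$($pol.IPv4Filter)' IPv6Filter='$($pol.IPv6Filter)'"

# 2. Service preference item: Startup = Automatic, Action = Start service
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinRM'"
Add-Check 'WinRM startup is Automatic' ($svc.StartMode -eq 'Auto') "StartMode=$($svc.StartMode)"
Add-Check 'WinRM service is running' ($svc.State -eq 'Running') "State=$($svc.State)"

# 3. Firewall: enabled inbound allow rules from the predefined group,
#    read from the active (local + Group Policy) store
$rules = @(Get-NetFirewallRule -PolicyStore ActiveStore `
        -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' })
Add-Check 'Inbound allow rule present' ($rules.Count -gt 0) "$($rules.Count) enabled rule(s)"

# The walkthrough unchecks the Public profile; flag any rule that still covers it
$public = @($rules | Where-Object { "$($_.Profile)" -match 'Public|Any' })
$names = ($public | ForEach-Object { "$($_.DisplayName) [$($_.PolicyStoreSourceType)]" }) -join '; '
Add-Check 'No rule covers Public profile' ($public.Count -eq 0) $names

# 4. End to end: does the local WS-Management listener answer?
try {
    $null = Test-WSMan -ComputerName localhost -ErrorAction Stop
    Add-Check 'WS-Management listener responds' $true 'listener responded'
}
catch {
    Add-Check 'WS-Management listener responds' $false $_.Exception.Message
}

$results | Format-Table -AutoSize -Wrap
```

A failed "No rule covers Public profile" check lists each offending rule with its source (`Local` or `GroupPolicy`), which shows whether the exposure comes from this GPO or from a rule enabled locally on the machine.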