PowerShell is an incredible tool for IT professionals. But if you don’t have Windows Remote Management (WinRM) enabled, you could be limiting the effectiveness of your PowerShell scripts and running into unexpected errors. In this guide, I’ll show you several methods you can use to configure WinRM on your Windows devices.
Test if WinRM is enabled
Before we start configuring WinRM, it’s a good idea to check whether it’s already enabled on your devices. To test if WinRM is enabled, run Test-WSMan from a PowerShell window. Here’s an example.
In this guide, I’m using PowerShell 7.x from an elevated command prompt. These commands should also work in Windows PowerShell, though you can get different results if you are using a mixture of Windows PowerShell and PowerShell 7.x on your devices.
Test-WSMan -ComputerName "computer_name"
I ran this command on a few different computers, two with WinRM enabled and one with it disabled, so you can see the different results. This command is great if you’re like me and your biggest pet peeve is doing extra work for no reason.
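To run the same check against a list of machines and get one row per device, a wrapper like the following works. This is an added example, not code from the original article; the function name Test-WinRMStatus and the computer names are made up for illustration.

```powershell
# Added example: run Test-WSMan against several computers and collect the results.
# Test-WinRMStatus is a hypothetical helper name, not a built-in cmdlet.
function Test-WinRMStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ComputerName
    )
    process {
        foreach ($name in $ComputerName) {
            try {
                # -ErrorAction Stop turns a failed probe into an exception we can catch.
                $reply = Test-WSMan -ComputerName $name -ErrorAction Stop
                [pscustomobject]@{
                    ComputerName   = $name
                    Responds       = $true
                    ProductVersion = $reply.ProductVersion
                    Error          = $null
                }
            }
            catch {
                # A failure means no WS-Management answer was received. The device
                # may have WinRM disabled, be offline, or be blocked by a firewall.
                [pscustomobject]@{
                    ComputerName   = $name
                    Responds       = $false
                    ProductVersion = $null
                    Error          = $_.Exception.Message
                }
            }
        }
    }
}

# Constructed sample names; replace with your own devices.
'PC-01', 'PC-02', 'SRV-01' | Test-WinRMStatus | Format-Table -AutoSize
```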
Enable WinRM with the WinRM quickconfig command
The fastest and easiest way to enable WinRM is with the WinRM quickconfig command. WinRM quickconfig automatically configures several settings, such as WinRM listeners, inbound firewall rules, and the Windows Remote Management (WS-Management) service, to ensure WinRM is working properly.
In this screenshot, you see that the command walked me through several prompts, enabling the various settings to ensure WinRM is properly configured. If we rerun the test from the previous section, this device should now pass it.
While this command is very fast and easy to use, it does have a couple of drawbacks. First, since WinRM isn’t already enabled on the target devices, you’ll need to run the command locally on the client or run a remote PowerShell session with something like PsExec to run the command. Second, this method is only quick if you need to enable WinRM on a few machines. If you need to enable WinRM on dozens of devices or across an entire domain, you’ll want to use one of the methods discussed below.
Enable WinRM with Group Policy
Group Policy is a great option for enabling WinRM in a domain environment. With Group Policy, you can quickly enable WinRM, configure the WinRM service, and set your firewall rules. Group Policy also has several other features you can configure to customize your WinRM implementation.
Here’s how to enable WinRM with Group Policy and set the IP filters.
Open your Group Policy Management Console.
Right-click on an OU you want to apply the policy to, then click Create a GPO in this Domain, and Link it here.
Name the policy Enable WinRM, then click OK.
Right-click on the new GPO and click Edit.
Expand Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service.
Locate Allow remote server management through WinRM, and double-click it to edit the setting.
Select Enabled.
Enter a range of IP addresses in the IPv4 and IPv6 filter boxes or add an asterisk to allow all IP addresses.
Next, let’s configure the WinRM service to start automatically.
Navigate to Computer Configuration > Preferences > Control Panel Settings > Services.
Right-click in the Services window, then click New > Service.
Change the Startup to Automatic (Delayed Start).
Click the ellipsis button next to the Service name field.
Find and select the service name WinRM.
Select Start Service from the service action menu, then click Apply and OK.
Lastly, we need to configure the firewall rules.
Expand Computer Configuration > Policies > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security > Windows Defender Firewall with Advanced Security.
Right-click on Inbound Rules, then click New Rule.
Select Predefined, then select Windows Remote Management from the drop-down menu.
Click Next.
Uncheck the public profile rule.
Click Next.
Select Allow the connection, then click Finish.
With the Group Policy Object in place, any devices assigned that GPO will automatically have the necessary Windows Remote Management settings configured.
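Once the GPO has applied, you can confirm on a target device that the three pieces above (policy filters, service startup, firewall rule) landed as intended. This is an added example, not code from the original article; Get-WinRMExposure is a hypothetical function name, and it should be run from an elevated prompt on the device being checked.

```powershell
# Added example: audit the local WinRM settings that the GPO steps above configure.
# Get-WinRMExposure is a hypothetical helper name, not a built-in cmdlet.
function Get-WinRMExposure {
    [CmdletBinding()]
    param()

    $findings = [System.Collections.Generic.List[string]]::new()

    # Service step: StartType reports "Automatic" for both Automatic and
    # Automatic (Delayed Start).
    $svc = Get-Service -Name WinRM
    if ($svc.StartType -ne 'Automatic') {
        $findings.Add("WinRM service startup is $($svc.StartType), expected Automatic")
    }

    # Policy step: "Allow remote server management through WinRM" stores its
    # filters here. A filter selects which of this machine's own addresses get
    # a listener; it does not restrict which clients may connect.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $policy) {
        $findings.Add('No WinRM service policy found: the GPO has not applied')
    }
    foreach ($name in 'IPv4Filter', 'IPv6Filter') {
        if ($policy -and $policy.$name -eq '*') {
            $findings.Add("$name is '*': WinRM listens on every local address")
        }
    }

    # Firewall step: the Public profile rule should not be active.
    # ActiveStore includes rules delivered by Group Policy.
    $rules = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' `
        -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
    foreach ($rule in $rules) {
        if ("$($rule.Profile)" -match 'Public|Any') {
            $findings.Add("Firewall rule '$($rule.DisplayName)' applies to profile $($rule.Profile)")
        }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Listeners    = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate `
                            -ErrorAction SilentlyContinue |
                         ForEach-Object { "$($_.Transport):$($_.Port)" })
        Findings     = $findings
    }
}

Get-WinRMExposure | Format-List
```

An empty Findings list means the device matches the steps above; because the filters only choose listening addresses, limiting which clients can reach WinRM is the job of the firewall rule's scope.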
Enable WinRM with PDQ Deploy
If Group Policy isn’t an option for your environment, you can use PDQ Deploy to push out the WinRM quickconfig command to all your managed devices and Windows servers. To ensure we don’t interrupt any users, we’ll use the -quiet parameter to run the command silently.
In PDQ Deploy, click New Package.
Add a name like Enable WinRM to your package.
Click New Step > PowerShell.
Add the command WinRM quickconfig -quiet to the PowerShell window.
Click Save.
Your WinRM package is ready to deploy to as many or as few devices as you need. This is a great way to limit the number of devices you enable WinRM on.
Enable WinRM with PDQ Connect
Enabling WinRM with PDQ Connect is a similar process to enabling it with PDQ Deploy, but Connect gives you the ability to deploy the package to remote devices. To create a WinRM enablement package in Connect:
Click the Packages tab.
Click Create package.
Add a package name.
Click the down arrow next to Add install step, then click Add script step.
In the PowerShell window, enter the command WinRM quickconfig -quiet.
When you’re ready, click Save to save the package.
To deploy the package:
In the Packages tab, locate and select the package you just created, then click Deploy.
Add your target devices or groups by searching for them in the Search devices and groups field.
When you’re ready, click Deploy.
Keep in mind that WinRM doesn’t let you run commands across the internet to remote devices. You’ll still be limited to running commands against computers that are reachable through your network. WinRM is pretty cool, but not quite that cool.
Easily run PowerShell scripts on remote devices
Need to run your awesome PowerShell scripts on remote devices? PDQ Connect can easily execute PowerShell scripts on any managed device with an active internet connection.