Enabling PSRemoting with Group Policy
Full-Access Members Only
Sorry, this lesson is only available to Server Academy Full-Access members. Become a Full-Access member now and get instant access to this and many more premium courses. Click the button below and get instant access now.
Instructions
Q&A (0)
Notes (0)
Resources (0)
Saving Progress...
Resources
There are no resources for this lesson.
Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.
To get started we need to enable PSRemoting on our target computers. We can do that by entering the “Enable-PSRemoting” command within an administrative PowerShell console:
A more efficient way would be to create a Group Policy Object that will enable PSRemoting. This is the method that we will use. Log in to your Domain Controller, open Group Policy Management, and create a new GPO at the root of your domain (or where your target computers are located)
Open that GPO and navigate to the following setting:
Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (RM) > WinRM Service > Allow remote server management through WinRM
Right-click and choose Edit. Enter the IP address of your primary domain controller (or wherever you want to push your DSC configurations from):
Next, let’s enable the firewall. Navigate to:
Computer Configuration > Windows Settings > Security Settings > Windows Firewall WIth Advanced Security > Windows Firewall WIth Advanced Security > Inbound Rules
Right-click and select New Rule...
Select Predefined > Windows Remote Management:
Click Next until you get to the Predefined Rules page, then deselect the public rule:
Click Next until you finish the wizard. Now let’s make these rules a little more secure. Right now they allow a connection from any IP address on the domain and private profiles. Let’s restrict the connection to our Domain Controller and remove the private profile altogether.
Right-click the rule and select Properties:
Under the scope, remove any settings and click Add to add the IP address of our Domain Controller where we will be initiating the DSC pushes (and PSRemoting) from:
Next, go to the Advanced tab and unselect all profiles except Domain:
Click Apply and OK.
Next, go right-click Computer Configuration > Policies > Windows Settings > Security Settings > System Services > Windows Remote Management (WS-Management)
Right-click and select properties. Select Define the policy setting and Automatic:
Click Apply then OK. Now we are done configuring our GPO. Next, we either wait for your workstations to refresh their group policy or manually log in and run “gpupdate /force”
Once you have done this, you will be able to run PowerShell remoting commands (and DSC pushes) from your Domain Controller server (Remember we configured 192.168.1.10 in the GPO)
We can test the connection from our domain controller with the following commands:
$TargetServer = “MDWS01”
Test-NetConnection -Port 5985 -ComputerName $TargetServer
Test-WSMan -ComputerName $TargetServer
Enter-PSSession -ComputerName $TargetServer
hostname
I can see all of the commands successfully completed and I am able to execute PowerShell commands on the remote computer. Be sure to exit the PowerShell remote session.
Server Academy Members Only
Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.
