A management service that implements WS-Management protocol to send and receive messages. WinRM is a listener service. A listener is defined by a transport (HTTP or HTTPS) and an IPv4 or IPv6 address. You can create more than one WinRM listener instance on a single computer by giving them a different TCP/IP address or port number. (from Microsoft Website)

PS C:\Windows\system32> Get-ChildItem -Path WSMan:\localhost\Listener

   WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Listener

Type            Keys                                Name
----            ----                                ----
Container       {Transport=HTTPS, Address=*}        Listener_1305953032
Container       {Transport=HTTP, Address=*}         Listener_1084132640

List the listeners

Get-ChildItem -Path WSMan:\localhost\Listener

winrm enumerate winrm/config/Listener

Create listeners


winrm create winrm/config/Listener?Address=*+Transport=HTTP


The HTTPS listener needs a certificate. In the following script, we create a self-signed certificate. It’s possible of course to specify another certificate by using its thumbprint.

$computername = ([System.Net.Dns]::GetHostByName(($env:computerName)).Hostname)
$c = New-SelfSignedCertificate `
-DnsName $computername `
-CertStoreLocation cert:\LocalMachine\My
winrm create winrm/config/Listener?Address=*+Transport=HTTPS "@{Hostname=`"$computername`";CertificateThumbprint=`"$($c.ThumbPrint)`"}"

To add the necessary firewall rule:

netsh advfirewall firewall add rule name="WinRM-HTTPS" dir=in localport=5986 protocol=TCP action=allow

Delete listeners

Remove-Item -Recurse -Path WSMan:\localhost\Listener\*
Remove-Item -Recurse -Path WSMan:\localhost\Listener\Listener_1305953032


Pretty important, the Microsoft website on the subject.