Service
PS C:\Windows\system32> Get-ChildItem -Path WSMan:\localhost\Service
WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Service
Type            Name                           SourceOfValue   Value
----            ----                           -------------   -----
System.String   RootSDDL                                       O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
System.String   MaxConcurrentOperations                        4294967295
System.String   MaxConcurrentOperationsPerUser                 1500
System.String   EnumerationTimeoutms                           240000
System.String   MaxConnections                                 300
System.String   MaxPacketRetrievalTimeSeconds                  120
System.String   AllowUnencrypted                               false
Container       Auth
Container       DefaultPorts
System.String   IPv4Filter                                     *
System.String   IPv6Filter                                     *
System.String   EnableCompatibilityHttpList...                 false
System.String   EnableCompatibilityHttpsLis...                 false
System.String   CertificateThumbprint
System.String   AllowRemoteAccess                              true
Important: the IPv4Filter setting controls which local interfaces are allowed to listen, not which IPs are allowed to connect to the service. Setting it through a GPO therefore determines which machines are able to listen (NOT which machines are able to connect).
Auth
PS C:\Windows\system32> Get-ChildItem -Path WSMan:\localhost\Service\Auth
WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Service\Auth
Type            Name                           SourceOfValue   Value
----            ----                           -------------   -----
System.String   Basic                                          false
System.String   Kerberos                                       true
System.String   Negotiate                                      true
System.String   Certificate                                    true
System.String   CredSSP                                        false
System.String   CbtHardeningLevel                              Relaxed
Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $false
Set-Item -Path WSMan:\localhost\Service\Auth\Certificate -Value $true
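The Service and Auth values listed above can be audited in one pass. This is an added example, not part of the original notes: it compares the live settings with a baseline chosen for illustration, then shows the listener filter next to the firewall rules' remote address scope, which is where client restriction is actually set. Assumptions: the baseline values, the English display group name 'Windows Remote Management', and the placeholder subnet 192.0.2.0/24.

```powershell
# Added example (not from the original notes). Run from an elevated prompt.
# Baseline values are this example's assumption; adjust to your own policy.
$baseline = [ordered]@{
    'AllowUnencrypted'       = 'false'
    'Auth\Basic'             = 'false'
    'Auth\CredSSP'           = 'false'
    'Auth\CbtHardeningLevel' = 'Strict'   # the output above shows Relaxed
}

# Compare each live value with the baseline and record where it comes from.
$baseline.Keys | ForEach-Object {
    $item = Get-Item -Path "WSMan:\localhost\Service\$_"
    [pscustomobject]@{
        Setting  = $_
        Current  = $item.Value
        Expected = $baseline[$_]
        Source   = $item.SourceOfValue    # non-empty when set by Group Policy
        Ok       = ($item.Value -eq $baseline[$_])   # -eq ignores case
    }
} | Format-Table -AutoSize

# IPv4Filter/IPv6Filter: which LOCAL addresses the service may listen on.
Get-Item -Path 'WSMan:\localhost\Service\IPv4Filter',
               'WSMan:\localhost\Service\IPv6Filter' |
    Select-Object Name, Value

# Which REMOTE addresses may connect is set on the firewall rules instead.
Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.Name
            Profile       = $_.Profile
            RemoteAddress = $filter.RemoteAddress -join ', '
        }
    } | Format-Table -AutoSize

# To limit clients, scope the rules (192.0.2.0/24 is a placeholder subnet):
# Set-NetFirewallRule -DisplayGroup 'Windows Remote Management' -RemoteAddress 192.0.2.0/24
```

A RemoteAddress of Any combined with an IPv4Filter of * means every interface listens and any client that can reach the port can attempt to authenticate.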
Get the status of the WinRM service:
Get-Service -Name WinRM
(Re)start the WinRM service:
Start-Service -Name WinRM
Restart-Service -Name WinRM