Service

PS C:\Windows\system32> Get-ChildItem -Path WSMan:\localhost\Service


   WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Service

Type            Name                           SourceOfValue   Value
----            ----                           -------------   -----
System.String   RootSDDL                                       O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
System.String   MaxConcurrentOperations                        4294967295
System.String   MaxConcurrentOperationsPerUser                 1500
System.String   EnumerationTimeoutms                           240000
System.String   MaxConnections                                 300
System.String   MaxPacketRetrievalTimeSeconds                  120
System.String   AllowUnencrypted                               false
Container       Auth
Container       DefaultPorts
System.String   IPv4Filter                                     *
System.String   IPv6Filter                                     *
System.String   EnableCompatibilityHttpList...                 false
System.String   EnableCompatibilityHttpsLis...                 false
System.String   CertificateThumbprint
System.String   AllowRemoteAccess                              true

Important: the IPv4Filter variable does filter which local interface is allowed to listen, not which IP is allowed to connect to the service ! so using a GPO to set it sets which machines are able to listen (NOT which machines are able to connect !).

Auth

PS C:\Windows\system32> Get-ChildItem -Path WSMan:\localhost\Service\Auth


   WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Service\Auth

Type            Name                           SourceOfValue   Value
----            ----                           -------------   -----
System.String   Basic                                          false
System.String   Kerberos                                       true
System.String   Negotiate                                      true
System.String   Certificate                                    true
System.String   CredSSP                                        false
System.String   CbtHardeningLevel                              Relaxed
Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $false
Set-Item -Path WSMan:\localhost\Service\Auth\Certificate -Value $true
Get the status of the WinRM service:
	Get-Service -Name WinRM
(Re)start the WinRM service:
	Start-Service -Name WinRM
	Restart-Service -Name WinRM