5

I am using a Windows 7 machine with Windows PowerShell installed. How can I ensure that the Windows Firewall is configured to allow Windows Remote Management connections from the workstation? For example: `netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any`

I'm following the above command, but I'm not able to configure it.

coderanger
Raju
  • I'm tweaking the question and tags since this has nothing to do with Chef itself and is just about setting up WinRM. – coderanger Feb 22 '17 at 07:38
  • 1
    [Enable-PSRemoting](https://msdn.microsoft.com/en-us/powershell/reference/4.0/microsoft.powershell.core/enable-psremoting) should set up everything you need, including the firewall rule. – henrycarteruk Feb 22 '17 at 08:20

3 Answers

12

`Enable-PSRemoting -force` is what you are looking for!

`winrm quickconfig` is a good precaution to take as well; it starts the WinRM service and sets the service to auto start.

However, if you are looking to do this on all Windows 7 machines, you can enable this via Group Policy.

Lachie White
  • `winrm quickconfig` was a necessary part for me. It echoed the following: `The following changes must be made: Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.` – Chuck D Mar 25 '20 at 19:16
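
A read-only check of the result, as an added example that is not part of the original answers: it lists the enabled inbound allow rules that can admit traffic to the default WinRM ports 5985 and 5986, with the profiles and remote addresses each one covers. It uses the `HNetCfg.FwPolicy2` COM interface because the NetSecurity cmdlets (`Get-NetFirewallRule` and friends) are not available on Windows 7; the function names `Test-PortInSpec` and `Get-WinRmFirewallExposure` are hypothetical.

```powershell
# Added example, not from the thread. Read-only; run from an elevated prompt.
# Works with PowerShell 2.0, the version that ships with Windows 7.
$WinRmPorts   = 5985, 5986    # default WinRM HTTP and HTTPS ports
$ProfileNames = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }    # profile bitmask values

function Test-PortInSpec([string]$Spec, [int]$Port) {
    # LocalPorts is "*", one port, a range "a-b", or a comma-separated mix of these.
    foreach ($part in $Spec.Split(',')) {
        $p = $part.Trim()
        if ($p -eq '*') { return $true }
        if ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($p -match '^\d+$' -and [int]$p -eq $Port) { return $true }
    }
    return $false
}

function Get-WinRmFirewallExposure {
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    foreach ($rule in $policy.Rules) {
        # Keep enabled inbound (Direction 1) allow (Action 1) rules only.
        if (-not $rule.Enabled -or $rule.Direction -ne 1 -or $rule.Action -ne 1) { continue }
        # Protocol 6 is TCP; 256 is "any protocol", which has no port list and covers every port.
        $covers = ($rule.Protocol -eq 256) -or
                  ($rule.Protocol -eq 6 -and ($WinRmPorts | Where-Object { Test-PortInSpec $rule.LocalPorts $_ }))
        if (-not $covers) { continue }
        $names = $ProfileNames.Keys | Sort-Object |
                 Where-Object { $rule.Profiles -band $_ } | ForEach-Object { $ProfileNames[$_] }
        New-Object PSObject -Property @{
            Rule            = $rule.Name
            # A program-scoped rule only admits traffic to that program; WinRM listens as "System".
            Program         = $rule.ApplicationName
            Ports           = $rule.LocalPorts
            Profiles        = $names -join ','
            RemoteAddresses = $rule.RemoteAddresses
            # True when the rule applies to the network profile that is active right now.
            ActiveNow       = [bool]($rule.Profiles -band $policy.CurrentProfileTypes)
            # True when the rule admits any remote address on the Public profile.
            PublicFromAny   = ($rule.RemoteAddresses -eq '*') -and [bool]($rule.Profiles -band 4)
        }
    }
}

"WinRM service: $((Get-Service WinRM).Status)"
Get-WinRmFirewallExposure |
    Format-Table Rule, Program, Ports, Profiles, RemoteAddresses, ActiveNow, PublicFromAny -AutoSize
```

Block rules take precedence over allow rules and are not listed here, so a row in this table shows what a rule permits, not that traffic necessarily gets through.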
1

It depends on which protocol you use.

The following one works for me:

```powershell
Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC" -RemoteAddress Any
```

Source: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_troubleshooting?view=powershell-7.2#how-to-enable-remoting-on-public-networks

Changming Sun
0

I used this a few years ago to connect to a remote server and update WinRM before joining it to the domain. (The `$server` variable is part of a foreach statement.) This part of my script updates:

  1. Windows Firewall from Public to Private
  2. Windows Firewall to allow remote WMI Access
  3. Trusted Hosts is not domain-joined and therefore must be added to the TrustedHosts list
  4. Windows Firewall to allow RDP
  5. Enable RDP : 1 = Disable ; 0 = Enable

```powershell
# $Server is supplied by the enclosing foreach statement (not shown).
$RequestingServer = $env:COMPUTERNAME

# Local Server Admin Account
[STRING] $LocalUser = "Administrator"   # Obviously Change Account
[STRING] $LocalPassword = "Password01"  # Obviously Change Password
$LocalSecurePassword = $LocalPassword | ConvertTo-SecureString -AsPlainText -Force
$LocalCredentials = New-Object System.Management.Automation.PSCredential -ArgumentList $LocalUser, $LocalSecurePassword

# Update Windows Firewall Remotely
$LocalSession = New-PSSession -ComputerName $Server -Credential $LocalCredentials
Invoke-Command -Session $LocalSession -ScriptBlock {

    $AddServer = $Using:RequestingServer

    # Update Windows Firewall from Public to Private
    Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
    # Update Windows Firewall to allow remote WMI Access
    netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
    # Update Trusted Hosts is not domain-joined and therefore must be added to the TrustedHosts list
    Set-Item wsman:\localhost\Client\TrustedHosts -Value $AddServer -Force
    # Update Windows Firewall to allow RDP
    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
    # Enable RDP : 1 = Disable ; 0 = Enable
    Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0
}
```

NeoTheNerd