Configuring WinRM for HTTPS

Mariia Tiurina 21 Reputation points
2021-03-09T15:50:22.32+00:00

Hi,
I need to configure WinRM port as Listener.

UPD:

Basing on instruction from article in comments I configured it to Address=*.

This option is not secure.
I need to restrict the number of allowed IPs on Address=<IP>

Which command can do it?

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,252 questions
0 comments
Accepted answer
  1. Karlie Weng 14,411 Reputation points Microsoft Vendor
    2021-03-16T04:55:02.12+00:00

    Hello @Mariia Tiurina

    Found from here:

    1. Firewall; enable a rule that only allows inbound WinRM connections from the specified subnet.
    2. Following, your initial line of thought, use the "Service" side of WSman instead of the "Client" side, i.e.
      Text
      Set-Item -Path WSMan:\localhost\Service\ -Name IPv4Filter -Value 10.10.10.1-10.10.10.254
    3. Use a Group Policy to configure the same setting Compter \ Policies \ Administrative Templates \ Windows Components \ Windows Remote Management \ WinRM Service \ Allow remote server management through WinRM: Enabled & Configure IPv4 Filter

    Other reference article:Installation and configuration for Windows Remote Management

    Best Regards
    Karlie

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Fan Fan 15,291 Reputation points Microsoft Vendor
    2021-03-10T07:13:49.81+00:00
  2. Karlie Weng 14,411 Reputation points Microsoft Vendor
    2021-03-16T04:55:01.937+00:00

    Hello @Mariia Tiurina

    Found from here:

    1. Firewall; enable a rule that only allows inbound WinRM connections from the specified subnet.
    2. Following, your initial line of thought, use the "Service" side of WSman instead of the "Client" side, i.e.
      Text
      Set-Item -Path WSMan:\localhost\Service\ -Name IPv4Filter -Value 10.10.10.1-10.10.10.254
    3. Use a Group Policy to configure the same setting Compter \ Policies \ Administrative Templates \ Windows Components \ Windows Remote Management \ WinRM Service \ Allow remote server management through WinRM: Enabled & Configure IPv4 Filter

    Other reference article:Installation and configuration for Windows Remote Management

    Best Regards
    Karlie

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments