Enable Winrm By GPO

Setup via Group Policy Object (GPO) If the above solution didn't work for you, then setting up a GPO to do all the configuration is the next best thing, as you can assign it to any given computer or OU if necessary. Below are instructions for Windows 2012 R2 Server GPO setup.

  1. Open Group Policy Management from within Administrative Tools folder.

  2. Right-click on the desired OU that you want to create a Group Policy Object for and click on “Create a GPO in this Domain, and Link it here…

  3. Rename the GPO to whatever you would like, “Enable WinRM via GPO” or something along those lines then click OK.

  4. Now that the new GPO has been created, right-click on the Newly created GPO and click “EDIT“.

  5. Expand the Menu tree as follows: Computer Configuration > Policies > Administrative Templates: Policy definitions > Windows Components > Windows Remote Management (WinRM) > WinRM Service.

  6. Find the setting that says “Allow remote server management through WinRM” and right-click and click “EDIT” to configure the settings. (see image below)

  1. When the dialog box opens up, click “Enabled” and under the options section, either specify an IP Address range or put an Asterisk “*” to allow all IP addresses to remotely manage the PC. (We recommend specifying an IP Address to reduce any risk of a security compromise of your systems/network).

  1. Now lets enable the Windows Remote Mangement (WS-Management) Service to start automatically. Go to Computer Configuration > Preferences > Control Panel Settings > Services and right-click and select “NEW” and the select “Service“.

  2. A New Service Properties window will come up and you will need to change Startup to “Automatic (Delayed Start)” and then in the Service Name dialog box, click the box with the 3 dots in it to the right of the Service name box and select “Windows Remote Management (WS-Management)” and click the Select button.

  3. Once you've selected the Service, under the “Service action:” pull down, we'll want to click “Start service“.


Last Step of this Process is to configure the Windows Firewall to Allow the proper ports inbound.Go to Computer Configuration > expand Policies > expand Windows Settings > expand Security Settings > expand Windows Firewall with Advanced Security > expand Windows Firewall with Advanced Security > expand Inbound Rules.Right-click the Inbound Rules node and choose New Rule. (see screenshot below)

When the New Inbound Rule wizard box opens, click on the “Predefined” radio button and scroll down to “Windows Remote Management” and click on it. (see screenshot below)


  1. Next we'll click on the Left Sidebar menu item that says “Predefined Rules” in order to not Allow the Firewall to open this Port to the Public network.When the window opens, uncheck the box that says Public profile next to it, as seen in the image below. This ensures that we only allow WinRM access to the Private and Domain networks.Then Click the Next button:

The Last screen of the New Inbound Firewall Wizard will just ask whether to Allow The Connection or block it.Make sure the that “Allow the connection” radio box is checked and click Finish.


At this point, you've successfully finished the GPO and you'll need to wait for the GPO to propagate throughout your network.

13 vues0 commentaire

Posts récents

Voir tout