This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
For security reasons, our company wants to disable the WinRM service, but we don't know the impact of disabling it on the production platform.
So we thought about the ability to disable the service and re-enable it automatically via GPO as needed without any user interaction?
I don't know if it's possible or not, and if YES how can we do it?
Can anyone help me please.
thank you.
If I were in your position, I think that I would be trying to address whatever security vulnerability was identified, rather than disabling that service. From a server management perspective, WinRM can be very useful.
@MotoX80 Thank you for the answer.
Yes, since there is no way to disable and enable the service automatically as needed.
I am studying the possible way to secure the use of WinRM.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello there,
To enable or disable WinRM (Windows Remote Management) via Group Policy, you can follow these steps:
Open the Group Policy Management Console (GPMC): On a domain controller or a computer with the GPMC installed, open the Group Policy Management tool.
Create a new Group Policy Object (GPO) or edit an existing one: Right-click on the desired domain or organizational unit (OU) and select "Create a GPO in this domain, and Link it here" or "Edit" if you already have a GPO in place.
Configure the WinRM settings:
For enabling WinRM: In the Group Policy Editor, navigate to "Computer Configuration" > "Policies" > "Administrative Templates" > "Windows Components" > "Windows Remote Management (WinRM)".
Double-click on the "Allow remote server management through WinRM" policy setting.
Select the "Enabled" option and click "OK".
For disabling WinRM: In the Group Policy Editor, navigate to "Computer Configuration" > "Policies" > "Administrative Templates" > "Windows Components" > "Windows Remote Management (WinRM)".
Double-click on the "Disallow remote server management through WinRM" policy setting.
Select the "Enabled" option and click "OK".
Apply the Group Policy Object: Link the GPO to the appropriate domain, site, or OU where you want to enable or disable WinRM.
I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer–
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 39%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
There is no "Disallow remote server management through WinRM"
I think you mean "Allow remote server management through WinRM"
Moreover, you also need to choose WINRM client or WINRM Server to see these registry keys.
ChatGPT needs improving.
Well you can block the incoming traffic with the Windows firewall.
At the company that I used to work for, the auditors or someone from the security team, would run software that scanned our network and produced a report on vulnerabilities. Typically, this report listed the CVE vulnerability id which we could then research to see if it really applied to our environment. Sometimes the report would list the KB123456 patch that needed to be installed to mitigate the vulnerability.
Do you have a regularly scheduled patch install process? Are your servers up to date with security related updates? Did anyone give you a CVE id that explains the vulnerability?
@MotoX80 There are servers with security updates installed and others with EOL operating systems (WS2008R2 / WS2003...) and at the moment they cannot be migrated.
The auditors mentioned in reports that we need to disable WinRM services without specifying the CVE of the vulnerability.
I guess that it all depends on your environment, how you manage servers, and how many of them that you have to support. Start by manually disabling the WinRM service on some test servers and see if that impacts anything.