Disable WinRM PowerShell Remoting

Roger Roger 6,326 Reputation points
2023-12-30T11:24:40.5166667+00:00

Hi All

I have a requirement to Disable or Harden PowerShell Remoting and WinRM Services. The impact what i see is one server cannot connect to another server using remote powershell scripts. Please also let me know what possible issues we can come across by disabling this.

Computer Configuration-->Policies-->Administrative Templates-->Windows Components-->Windows Remote Management (WinRM)-->WinRM Service-->Allow remote server management through WinRM-->Disabled

I would prefer to go with enabling it rather than disabling and adding the required ip addresses.if i go with the above approach do also i need to allow those ips in windows firewall by creating inbound rule or connection security rules.

Computer Configuration-->Policies-->Windows Settings-->Security Setting-->Windows Firewall with Advanced Security-->Inbound Rules-->New Rule-->Predefined-->Windows Remote Management-->Allow the connection

under scope--specify remote ip addresses.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,781 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,519 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,848 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,544 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,568 questions
{count} votes

Accepted answer
  1. Konstantinos Passadis 19,161 Reputation points MVP
    2024-01-01T20:06:35.25+00:00

    Hello @Roger Roger !

    The impact is that any remote Powershell Operations will fail

    BUT

    You can filter this only to allow Internal IPs , or by server and pair of servers so you will have at one hand the Hardening , and also the operational access you may need

    You can create an inbound rule that allows connections on the WinRM port (typically 5985 for HTTP and 5986 for HTTPS) but restrict the source IP addresses to your LAN's IP range. This can be done through Windows Firewall with Advanced Security

    Have a look please :

    https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.4


    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.