1. Enable Remote Management
  • Enable remoting on the server from your client. Change "client name" to your client machine name
    • Enable-PSRemoting -Force
    • winrm s winrm/config/client '@{TrustedHosts="client name"}'
    • winrm quickconfig
  • Set up SSL
    • $certificate = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName ([System.Environment]::MachineName)
    • Export-Certificate -Cert $certificate -FilePath "$([System.Environment]::GetFolderPath([System.Environment+SpecialFolder]::DesktopDirectory))\$([System.Environment]::MachineName).cer"
  • Show Listeners
    • Get-ChildItem wsman:\localhost\listener
    • winrm enumerate winrm/config/listener
  • Remove old HTTP listeners
    • Get-ChildItem WSMan:\Localhost\listener | Where -Property Keys -eq "Transport=HTTP" | Remove-Item -Recurse
  • Add new HTTPS listeners
    • New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $certificate.Thumbprint -Force
  • Import the certificate on the client machine; change [server name] to the server name
    • Import-Certificate -CertStoreLocation 'Cert:\LocalMachine\Root' -FilePath "$([System.Environment]::GetFolderPath([System.Environment+SpecialFolder]::DesktopDirectory))\[server name].cer"
  • Validate Settings
    • winrm g winrm/config
    • Get-Service winrm
  • Enable Firewall Entry
    • New-NetFirewallRule -DisplayName 'Windows Remote Management (https)' -Profile @('Domain', 'Private') -Direction Inbound -Action Allow -Protocol TCP -LocalPort @('5986')
  • Test Connection
    • Test-WSMan -Computername "server name" -UseSSL
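
The end state of the steps above can be checked with a short audit, added here as an example rather than taken from the original page; the function name `Test-WinRMHttpsOnly` and its parameter are assumptions. It reports leftover HTTP listeners, an HTTPS listener whose certificate is missing, expired or issued for another name, and a missing firewall rule.

```powershell
# Added example, not from the original page. Test-WinRMHttpsOnly is a hypothetical name.
# Run in an elevated session on the server; each emitted string is one finding.
function Test-WinRMHttpsOnly {
    [CmdletBinding()]
    param(
        # Assumed to match the rule created in the "Enable Firewall Entry" step.
        [string]$FirewallRuleName = 'Windows Remote Management (https)'
    )
    $machine   = [System.Environment]::MachineName
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate)

    # The procedure removes HTTP listeners; report any that survived.
    foreach ($l in @($listeners | Where-Object { $_.Transport -eq 'HTTP' })) {
        "HTTP listener still present on port $($l.Port) (address $($l.Address))"
    }

    $https = @($listeners | Where-Object { $_.Transport -eq 'HTTPS' })
    if ($https.Count -eq 0) { 'No HTTPS listener is configured' }

    foreach ($l in $https) {
        # Normalise the stored thumbprint before comparing (spaces, lower-case hex).
        $thumb = ($l.CertificateThumbprint -replace '\s', '').ToUpperInvariant()
        $cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
        if (-not $cert) {
            "HTTPS listener thumbprint '$thumb' not found in Cert:\LocalMachine\My"
            continue
        }
        if (-not $cert.HasPrivateKey)      { "Certificate $thumb has no private key" }
        if ($cert.NotAfter -lt (Get-Date)) { "Certificate $thumb expired on $($cert.NotAfter)" }
        # The certificate was created with -DnsName set to the machine name.
        if ($cert.DnsNameList.Unicode -notcontains $machine) {
            "Certificate $thumb does not list '$machine' as a DNS name"
        }
    }

    # Check that the rule from the firewall step exists, is enabled, and allows inbound traffic.
    $rules = @(Get-NetFirewallRule -DisplayName $FirewallRuleName -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
    if ($rules.Count -eq 0) { "No enabled inbound allow rule named '$FirewallRuleName'" }
}

Test-WinRMHttpsOnly
```

No output means the listener, certificate and firewall state match what the steps are meant to produce.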