Windows 7 / Networking

---

Windows Remote Management Service

The Windows Remote Management service allows you to execute commands on a remote computer, either from the command prompt using WinRS or from Windows PowerShell. Before you can use WinRS or Windows PowerShell for remote management tasks, it is necessary to configure the target computer using the WinRM command. To configure the target computer, you must run the command WinRM quickconfig from an elevated command prompt. Executing WinRM quickconfig does the following:

• Starts the WinRM service
• Configures the WinRM service startup type to delayed automatic start
• Configures the LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users
• Configures the WinRM listener on http://* to accept WS-Man requests
• Configures the WinRM firewall exception

If you are attempting to manage a computer remotely that is not a member of the same AD DS domain as the management computer, you may need to configure the management computer to trust the remote computer. This is necessary only when you do not use Hypertext Protocol Secure (HTTPS) or Kerberos to authenticate the remote computer's identity. You need to configure this trust because of the bidirectional nature of remote management traffic and the fact that authentication credentials will be forwarded to the remote computer. You can configure this trust using the following command:

winrm set winrm/config/client @{TrustedHosts="remote computer name or IP address"}

It is also possible to configure Windows Remote Management through Group Policy. The relevant policies are located in the Computer Configuration\Administrative Templates\ Windows Components\Windows Remote Management node and are split between WinRM Client and WinRM Service policies. These policies relate to authentication settings and TrustedHosts.