Skip to content

Instantly share code, notes, and snippets.

@TechIsCool
Created November 28, 2017 04:44
Show Gist options
  • Save TechIsCool/d65017b8427cfa49d579a6d7b6e03c93 to your computer and use it in GitHub Desktop.
Save TechIsCool/d65017b8427cfa49d579a6d7b6e03c93 to your computer and use it in GitHub Desktop.
A simple Powershell WinRM-HTTPs setup
Write-Output "Disabling WinRM over HTTP..."
Disable-NetFirewallRule -Name "WINRM-HTTP-In-TCP"
Disable-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC"
Get-ChildItem WSMan:\Localhost\listener | Remove-Item -Recurse
Write-Output "Configuring WinRM for HTTPS..."
Set-Item -Path WSMan:\LocalHost\MaxTimeoutms -Value '1800000'
Set-Item -Path WSMan:\LocalHost\Shell\MaxMemoryPerShellMB -Value '1024'
Set-Item -Path WSMan:\LocalHost\Service\AllowUnencrypted -Value 'false'
Set-Item -Path WSMan:\LocalHost\Service\Auth\Basic -Value 'true'
Set-Item -Path WSMan:\LocalHost\Service\Auth\CredSSP -Value 'true'
New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP" `
-DisplayName "Windows Remote Management (HTTPS-In)" `
-Description "Inbound rule for Windows Remote Management via WS-Management. [TCP 5986]" `
-Group "Windows Remote Management" `
-Program "System" `
-Protocol TCP `
-LocalPort "5986" `
-Action Allow `
-Profile Domain,Private
New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP-PUBLIC" `
-DisplayName "Windows Remote Management (HTTPS-In)" `
-Description "Inbound rule for Windows Remote Management via WS-Management. [TCP 5986]" `
-Group "Windows Remote Management" `
-Program "System" `
-Protocol TCP `
-LocalPort "5986" `
-Action Allow `
-Profile Public
$Hostname = [System.Net.Dns]::GetHostByName((hostname)).HostName.ToUpper()
$pfx = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName $Hostname
$certThumbprint = $pfx.Thumbprint
$certSubjectName = $pfx.SubjectName.Name.TrimStart("CN = ").Trim()
New-Item -Path WSMan:\LocalHost\Listener -Address * -Transport HTTPS -Hostname $certSubjectName -CertificateThumbPrint $certThumbprint -Port "5986" -force
Write-Output "Restarting WinRM Service..."
Stop-Service WinRM
Set-Service WinRM -StartupType "Automatic"
Start-Service WinRM
@Cyril-B
Copy link

Cyril-B commented Apr 21, 2022

Thank you really usefull in the context of MicrosoftDocs/azure-docs#89323

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment