@VimalShekar
Created January 15, 2018 16:57
Enable WinRM on a workgroup machine and allow connections from any remote host
# WinRM only works on Private and Domain networks; it is disabled on Public networks.
# Detect any networks that are set to Public and change them, so that every network is Private.
# Note: the Private profile applies a less restrictive firewall rule set, so only do this on networks you trust.
# First, set Category to 1 under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
# Then create an instance of {DCB00C01-570F-4A9B-8D69-199FDBA5723B}, get the connections and set the category.
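function Enable-WinRMOnWorkGroupMachine {
    <#
    .SYNOPSIS
    Switches every network profile to Private, runs "winrm quickconfig" and
    applies WSMan client/service settings for a workgroup (non-domain) machine.

    .DESCRIPTION
    Steps, in order:
      1. Sets the "Category" value to 1 on every key under
         HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles.
      2. Calls SetCategory(1) on every network returned by the Network List
         Manager COM object.
      3. Restarts the 'netprofm' service through ManageWinService (defined
         elsewhere, not in this function).
      4. Runs "winrm quickconfig -quiet -force".
      5. Writes the WSMan client, service and shell settings listed below.

    Security-relevant effects to review before running this on a host:
      - ALL networks become Private, including ones that were deliberately
        marked Public (hotel/guest Wi-Fi, etc.).
      - Client\TrustedHosts is a CLIENT-side list: it names the remote hosts
        this machine will authenticate to without being able to verify their
        identity. "*" turns that check off for every outbound session. It does
        not control which hosts may connect inbound.
      - CredSSP is enabled for both client and service. CredSSP delegates the
        user's credentials to the remote endpoint, so it should only be left
        on where delegation is actually needed.
      - IPv4Filter/IPv6Filter "*" makes the service listen on every address.
    The defaults reproduce the original wide-open behaviour; pass narrower
    values where possible.

    .PARAMETER TrustedHosts
    Value written to WSMan:\localhost\Client\TrustedHosts. Default "*".
    A comma-separated list of host names/addresses is the tighter alternative.

    .PARAMETER IPv4Filter
    Value written to WSMan:\localhost\Service\IPv4Filter. Default "*".

    .PARAMETER IPv6Filter
    Value written to WSMan:\localhost\Service\IPv6Filter. Default "*".

    .NOTES
    Requires an elevated session (HKLM writes, service restart, WSMan: drive).
    Most failures are reported with Write-Host only; nothing is thrown.
    #>
    param(
        [string]$TrustedHosts = '*',
        [string]$IPv4Filter = '*',
        [string]$IPv6Filter = '*'
    )

    # --- 1. Registry: force Category = 1 (Private) on every stored profile ---
    $Private:ConnectionProfiles = Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles'
    foreach ($ConnProf in $Private:ConnectionProfiles) {
        Write-Host " Parsing network profile for $ConnProf "

        # Drop an existing value first so the Set below recreates it cleanly.
        $existingCategory = Get-ItemProperty -Path $ConnProf.PSPath -Name "Category" -ErrorAction SilentlyContinue
        if ($null -ne $existingCategory) {
            Remove-ItemProperty -Path $ConnProf.PSPath -Name "Category" -ErrorAction SilentlyContinue -Force
        }

        Write-Host " Setting the Category to 1 for $ConnProf"
        Set-ItemProperty -Path $ConnProf.PSPath -Name "Category" -Value 1 -ErrorAction SilentlyContinue -Force
    }

    # --- 2. Network List Manager COM object: set live connections to Private ---
    # This is from https://blogs.technet.microsoft.com/samdrey/2011/10/19/how-to-use-powershell-to-change-the-network-location-type-to-private-or-public/
    try {
        $networkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))
        $connections = $networkListManager.GetNetworkConnections()
        foreach ($nwconn in $connections) {
            $NetworkConn = $nwconn.GetNetwork()
            $NetworkName = $NetworkConn.GetName()
            # Fix: the name is resolved BEFORE it is logged. The original printed
            # this message first, so it showed an empty or stale network name.
            Write-Host " Attempting to set category for $NetworkName to private"
            try {
                $NetworkConn.SetCategory(1)
                Write-Host " Successfully set"
            }
            catch {
                Write-Host " Exception when setting network category..."
            }
        }
    }
    catch {
        Write-Host " Exception when getting network connections category..."
    }

    # --- 3. Restart the Network List Service so the new category is picked up ---
    Write-Host " Restarting Network Profile Service for changes to take effect!"
    # NOTE(review): ManageWinService is not defined in this snippet; it must be
    # loaded into the session before this function is called.
    ManageWinService -Name 'netprofm' "Stop"
    Start-Sleep -Seconds 5
    ManageWinService -Name 'netprofm' "Start"

    # --- 4. Let winrm apply its default configuration ---
    Write-Host " Running winrm quickconfig -quiet -force"
    $ProcName = "winrm"
    $Arg = "quickconfig -quiet -force"
    $Proc = Start-Process -FilePath $ProcName -Wait -ArgumentList $Arg -PassThru
    if ($Proc.ExitCode -eq 0) {
        Write-Host " WinRM Service was configured successfully"
    }
    else {
        Write-Host " Failed to configure Service - $($Proc.ExitCode)"
    }

    # --- 5. WSMan client settings and auth types, as needed ---
    Write-Host " Updating Client Settings"
    # Client-side trust list (see .DESCRIPTION). Errors are suppressed here, so
    # verify the resulting value with Get-Item if it matters.
    Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value $TrustedHosts -Force -ErrorAction SilentlyContinue
    #Set-Item -Path WSMan:\localhost\Client\Auth\Basic -Value true
    #Set-Item -Path WSMan:\localhost\Client\Auth\Certificate -Value true
    # CredSSP on the client allows this machine to delegate credentials.
    Set-Item -Path WSMan:\localhost\Client\Auth\CredSSP -Value true
    #Set-Item -Path WSMan:\localhost\Client\Auth\Digest -Value true
    #Set-Item -Path WSMan:\localhost\Client\Auth\Kerberos -Value true
    Set-Item -Path WSMan:\localhost\Client\Auth\Negotiate -Value true

    # --- WSMan service settings ---
    Write-Host " Updating Service Settings"
    # Left disabled on purpose: AllowUnencrypted / Basic would permit
    # credentials and session traffic without message-level protection.
    #Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value true
    #Set-Item -Path WSMan:\localhost\Service\AllowRemoteAccess -Value true
    Set-Item -Path WSMan:\localhost\Service\IPv4Filter -Value $IPv4Filter
    Set-Item -Path WSMan:\localhost\Service\IPv6Filter -Value $IPv6Filter
    #Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value true
    #Set-Item -Path WSMan:\localhost\Service\Auth\Certificate -Value true
    # CredSSP on the service accepts delegated credentials from clients.
    Set-Item -Path WSMan:\localhost\Service\Auth\CredSSP -Value true
    #Set-Item -Path WSMan:\localhost\Service\Auth\Digest -Value true
    #Set-Item -Path WSMan:\localhost\Service\Auth\Kerberos -Value true
    Set-Item -Path WSMan:\localhost\Service\Auth\Negotiate -Value true
    Set-Item -Path WSMan:\localhost\Shell\AllowRemoteShellAccess -Value true
}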