Enabling Windows Remote Management through global policy objects

Edit online

You can configure Windows Remote Management (WinRM) for all of your Hyper-V targets by creating and linking a Global Policy Object (GPO) within the Hyper-V domain and applying the GPO to all servers.

Follow the steps to enable WinRM for your Hyper-V targets.

  1. On the AD domain controller, open the Group Policy Management Console (GPMC). If the GPMC is not installed, see https://technet.microsoft.com/en-us/library/cc725932.aspx.

  2. Create a new Global Policy Object:

    1. In the GPMC tree, right-click Group Policy Objects within the domain containing your Hyper-V servers.

    2. Choose Create a GPO in this domain, and link it here.

    3. Enter a name for the new GPO and click OK.

  3. Specify the computers that need access:

    1. Select the new GPO from the tree.

    2. On the Scope tab, under Security Filtering, specify the computer or group of computers you want to grant access. Make sure you include all of your Hyper-V targets.

  4. Right-click the new GPO and choose Edit to open the Group Policy Management Editor.

  5. Configure the WinRM Service:

    1. In the Group Policy Management Editor, select Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service.

    2. Double-click each of following settings and configure as specified:

      Setting Value
      Allow automatic configuration of listeners (“Allow remote server management through WinRM” on older versions of Windows Server) Enabled

      IPv4 filter: *
      Allow Basic authentication Enabled
      Allow unencrypted traffic Enabled

  6. Configure the WinRM service to run automatically:

    1. In the Group Policy Management Editor, expand Computer Configuration > Preferences > Control Panel Settings.

    2. Under Control Panel Settings, right-click Services and choose New > Service.

    3. In the New Service Properties window, configure the following settings:

      Setting Value
      Startup Automatic
      Service name WinRM
      Service option Service start

  7. Enable Windows Remote Shell:

    1. In the Group Policy Management Editor, select Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Shell.

    2. Double-click the following setting and configure as specified:

      Setting Value
      Allow Remote Shell Access: Enabled

  8. Add a Windows Firewall exception:

    1. In the Group Policy Management Editor, open Computer Configuration > Windows Settings > Security Settings > Windows Firewall > Windows Firewall.

    2. Under Windows Firewall, right-click Inbound Rules and choose New > Rule.

    3. In the New Inbound Rule Wizard, select Predefined: Windows Remote Management and Allow the connection.

The new group policy will be applied during the next policy process update. To apply the new policy immediately, run the following command at a Powershell prompt:

gpupdate /force