Enabling WinRM Via Group Policy Objects

You can configure WinRM for all of your Hyper-V targets by creating and linking a Group Policy Object (GPO) within the Hyper-V domain and applying the GPO to all servers.

Follow these steps to enable Windows Remote Management (WinRM) for your Hyper-V targets.

  1. On the AD domain controller, open the Group Policy Management Console (GPMC). If the GPMC is not installed, see https://technet.microsoft.com/en-us/library/cc725932.aspx.

  2. Create a new Group Policy Object:

    1. In the GPMC tree, right-click Group Policy Objects within the domain containing your Hyper-V servers.

    2. Choose Create a GPO in this domain, and link it here.

    3. Enter a name for the new GPO and click OK.

  3. Specify the computers that need access:

    1. Select the new GPO from the tree.

    2. On the Scope tab, under Security Filtering, specify the computer or group of computers you want to grant access. Make sure you include all of your Hyper-V targets.

  4. Right-click the new GPO and choose Edit to open the Group Policy Management Editor.

  5. Configure the WinRM Service:

    1. In the Group Policy Management Editor, select Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service.

    2. Double-click each of the following settings and configure as specified:

      | Setting | Value |
      | --- | --- |
      | Allow automatic configuration of listeners (“Allow remote server management through WinRM” on older versions of Windows Server) | Enabled; IPv4 filter: * |
      | Allow Basic authentication | Enabled |
      | Allow unencrypted traffic | Enabled |

  6. Configure the WinRM service to run automatically:

    1. In the Group Policy Management Editor, expand Computer Configuration > Preferences > Control Panel Settings.

    2. Under Control Panel Settings, right-click Services and choose New > Service.

    3. In the New Service Properties window, configure the following settings:

      | Setting | Value |
      | --- | --- |
      | Startup | Automatic |
      | Service name | WinRM |
      | Service option | Service start |

  7. Enable Windows Remote Shell:

    1. In the Group Policy Management Editor, select Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Shell.

    2. Double-click the following setting and configure as specified:

      | Setting | Value |
      | --- | --- |
      | Allow Remote Shell Access | Enabled |

  8. Add a Windows Firewall exception:

    1. In the Group Policy Management Editor, open Computer Configuration > Windows Settings > Security Settings > Windows Firewall > Windows Firewall.

    2. Under Windows Firewall, right-click Inbound Rules and choose New > Rule.

    3. In the New Inbound Rule Wizard, select Predefined: Windows Remote Management and Allow the connection.

The new group policy is applied the next time Group Policy is refreshed. To apply the new policy immediately, run the following command at a PowerShell prompt:

gpupdate /force
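
To confirm that the GPO actually landed on a target after the refresh, the following audit can be run locally on a Hyper-V server. It is an added example, not part of the original procedure: the registry value names are the standard Windows policy locations for the settings configured in steps 5 and 7, and the firewall check assumes an English-language system where the predefined rule group is displayed as "Windows Remote Management".

```powershell
# Added example: audit the WinRM settings the GPO procedure above is expected to apply.
# Run in an elevated PowerShell session on a Hyper-V target.
$svcKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
$winrsKey = "$svcKey\WinRS"

# Expected policy values, taken from the settings tables in steps 5 and 7.
# Review = $true marks settings that widen exposure and should be tracked.
$expected = @(
    @{ Key = $svcKey;   Name = 'AllowAutoConfig';         Want = 1;   Review = $false }
    @{ Key = $svcKey;   Name = 'IPv4Filter';              Want = '*'; Review = $true  }
    @{ Key = $svcKey;   Name = 'AllowBasic';              Want = 1;   Review = $true  }
    @{ Key = $svcKey;   Name = 'AllowUnencryptedTraffic'; Want = 1;   Review = $true  }
    @{ Key = $winrsKey; Name = 'AllowRemoteShellAccess';  Want = 1;   Review = $false }
)

function Get-PolicyValue {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or value is absent (policy not applied yet).
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$report = @(foreach ($e in $expected) {
    $actual = Get-PolicyValue -Key $e.Key -Name $e.Name
    [pscustomobject]@{
        Check    = $e.Name
        Expected = $e.Want
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Applied  = ($null -ne $actual) -and ("$actual" -eq "$($e.Want)")
        Review   = $e.Review
    }
})

# Step 6: the WinRM service should start automatically and be running.
$svc = Get-CimInstance Win32_Service -Filter "Name='WinRM'"
$report += [pscustomobject]@{
    Check = 'WinRM service'; Expected = 'Auto / Running'
    Actual = "$($svc.StartMode) / $($svc.State)"
    Applied = ($svc.StartMode -eq 'Auto' -and $svc.State -eq 'Running'); Review = $false
}

# Step 8: ActiveStore includes rules delivered by Group Policy, not only local ones.
$fw = @(Get-NetFirewallRule -PolicyStore ActiveStore -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
$report += [pscustomobject]@{
    Check = 'Inbound firewall rule'; Expected = '>= 1 enabled allow rule'
    Actual = "$($fw.Count) rule(s)"; Applied = ($fw.Count -ge 1); Review = $true
}

$report | Format-Table -AutoSize
```

Rows with Applied = False mean the GPO has not reached this server (check the Security Filtering scope from step 3). Rows with Review = True are the settings that determine exposure: with Basic authentication and unencrypted traffic both enabled, WinRM credentials cross the network base64-encoded rather than encrypted.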