Enabling WinRM Via Global Policy Objects
You can configure WinRM for all of your Hyper-V targets by creating and linking a Global Policy Object (GPO) within the Hyper-V domain and applying the GPO to all servers.
Follow the steps to enable Windows Remote Management (WinRM) for your Hyper-V targets.
On the AD domain controller, open the Group Policy Management Console (GPMC). If the GPMC is not installed, see https://technet.microsoft.com/en-us/library/cc725932.aspx.
Create a new Global Policy Object:
In the GPMC tree, right-click Group Policy Objects within the domain containing your Hyper-V servers.
Choose Create a GPO in this domain, and link it here.
Enter a name for the new GPO and click OK.
Specify the computers that need access:
Select the new GPO from the tree.
On the Scope tab, under Security Filtering, specify the computer or group of computers you want to grant access. Make sure you include all of your Hyper-V targets.
Right-click the new GPO and choose Edit to open the Group Policy Management Editor.
Configure the WinRM Service:
In the Group Policy Management Editor, select Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service.
Double-click each of following settings and configure as specified:
Setting
Value
Allow automatic configuration of listeners (“Allow remote server management through WinRM” on older versions of Windows Server)
Enabled
IPv4 filter: *
Allow Basic authentication
Enabled
Allow unencrypted traffic
Enabled
Configure the WinRM service to run automatically:
In the Group Policy Management Editor, expand Computer Configuration > Preferences > Control Panel Settings.
Under Control Panel Settings, right-click Services and choose New > Service.
In the New Service Properties window, configure the following settings:
Setting
Value
Startup
Automatic
Service name
WinRM
Service option
Service start
Enable Windows Remote Shell:
In the Group Policy Management Editor, select Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Shell.
Double-click the following setting and configure as specified:
Setting
Value
Allow Remote Shell Access:
Enabled
Add a Windows Firewall exception:
In the Group Policy Management Editor, open Computer Configuration > Windows Settings > Security Settings > Windows Firewall > Windows Firewall.
Under Windows Firewall, right-click Inbound Rules and choose New > Rule.
In the New Inbound Rule Wizard, select Predefined: Windows Remote Management and Allow the connection.
The new group policy will be applied during the next policy process update. To apply the new policy immediately, run the following command at a Powershell prompt:
gpupdate /force