IBM Support

Enable PowerShell remoting in Windows OS.

How To


Summary

Create CA, configure WINRM to enable the machine to receive PS remote commands.

Objective

This is to enable Admins to use PS remote commands in Windows machines.

Environment

Windows OS.

Steps

Steps to regenerate and import the new CA:

on your Windows CA server, to create a CSR:

1-Go to Start > Administrative Tools > Internet Information Services (IIS) Manager.

2-Select the server name from the left-side panel.

3-In the center panel, double-click Server Certificates.

image-20241216150038-2

4-In the Actions menu from the right-side, click Create Certificate Request.

image-20241216145312-1

5-In the Distinguished Name Properties window, complete the required fields:

please note: Common name – the target server fully qualified domain name (FQDN)

image-20241216150116-3

Click Next.

6-In the Cryptographic Service Provider Properties window, select the following:

Cryptographic service provider: Microsoft RSA SChannel

Bit length: 2048

image 13107

Click Next.

7-In the File Name window, select the location for saving the CSR and enter a name.

Click Finish.

Your CSR is created as a .txt file.

Next, you need to obtain the private key associated to the CSR:

1-Open the Microsoft Management Console (mmc).

2-Go to File > Add/Remove Snap-in.

3-Double-click Certificates in the list of snap-ins.

4-Select Computer account and click Next.

image-20241216150245-4

5-Select Local computer and click Finish.

Click OK to populate the snap-in.

image-20241216150319-5

6-Go to Console Root > Certificates > Certificate Enrollment Requests.

7-Right-click the desired CSR and click All Tasks > Export.

image-20241216150344-6

8-In the Certificate Export Wizard, click Next.

Choose Yes, export the private key and click Next.

image-20241216150416-7

9-Select Personal Information Exchange – PKCS #12 and click Next.

image-20241216150443-8

10-Enter a password to protect your private key and click Next.

11-Choose where to save the private key and click Next.

image-20241216150523-9

Click Finish.

The private key is exported as a .pfx file.

Now we need to import the certificate in our target server

1-Open the MMC (Start > Run > MMC).

2-Go to File > Add / Remove Snap In

3-Double Click Certificates

4-Select Computer Account.

5-Select Local Computer > Finish

6-Click OK to exit the Snap-In window.

7-Navigate to to Certificates > Personal > Certificates

8-Right click on Certificates and select All Tasks > Import

image-20241216150621-10

9-Click Next & Click Browse

10-Select the .pfx you would like to import. Click Open.

11-Click Next, write password, Select Automatically select the certificate store based on the type of

Certificate, Click Finish & OK.

image 13091

12-Then we need to import it in trusted root certificate\certificates

image 13095

image 13099

B- When you finish installing the certificate, make sure that “Winrm” service is started and

Startup type “Automatic”

C- then run the below command (Run as administrator)

winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="server.fqdn";CertificateThumbprint="YOURCERTIFICATETHUMPPRINT"}

get the cert thumbprint from here

image 13100

image 13101

D- Run the below command (Run as administrator)

winrm quickconfig -transport:https

image 13102

-To make sure that WinRM is listening on HTTPS, run the below command (Run as

administrator)

winrm enumerate winrm/config/listener

note the output message and make sure that “Transport = HTTPS”

image 13103

Now, for the second part, we should configure “PowerShell remoting”:

Run the below command in PowerShell console, please select the appropriate choice according to your needs in work environment

Enable-PSRemoting

image 13104

Also, you can use this command to Configure the server to receive remote commands without a confirmation prompt

Enable-PSRemoting -Force

To test you have enabled PowerShell remoting correctly, from another server, you can enter this command

Enter-PSSession -ComputerName <hostname>

image 13105This will open an interactive session with the remote server which will allow you to enter PowerShell commands to be executed on the remote machine.

image 13106


Additional Information

Search on the following for additional information.

How to configure WINRM for HTTPS

Enable-PSRemoting


Document Location

Worldwide


[{"Type":"MASTER","Line of Business":{"code":"LOB66","label":"Technology Lifecycle Services"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SSTIPK","label":"Microsoft Windows"},"ARM Category":[{"code":"a8mKe000000004NIAQ","label":"Windows"}],"ARM Case Number":"TS004805643","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

More support for:
Microsoft Windows

Component:
Windows

Software version:
All Versions

Document number:
7179009

Modified date:
16 December 2024

UID

ibm17179009