How to enable WinRM via Group Policy

To remotely manage computers via PowerShell, you must enable Windows Remote Management (WinRM).

Open Group Policy management.

Create a new GPO.

Right-click your newly created GPO and click Edit…

First we need to allow it on each computer’s firewall. Open Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Windows Firewall with Advanced Security –> Windows Firewall with Advanced Security –> Inbound Rules

Create a New Rule

Microsoft was nice enough to include it as a predefined rule.

I unchecked Public as I will be connecting locally.

Click Allow the connection

The new rule should now be listed.

That’s it for the firewall. Now you need to go to Computer Configuration –> Policies –> Administrative Templates –> Windows Components –> Windows Remote Management (WinRM) –> WinRM Service –> Allow remote server management through WinRM

Syntax:

Type “*” to allow messages from any IP address, or leave the field empty to listen on no IP address. You can specify one or more ranges of IP addresses.

Link your newly created GPO. This is a computer policy, so link it to an OU containing the computers you would like to enable this for.

It’s also necessary to make sure the WinRM service starts on startup. To do this via GPO, go to Computer Configuration –> Preferences –> Control Panel Settings –> Services

Right-click and click New –> Service

Choose Automatic (Delayed Start) as the startup type, pick WinRM as the Service name, set Start service as the Service action.

Once all of your domain computers have updated their policies and had a chance to start that system service, you should be able to remotely manage them using PowerShell.
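
To confirm on a target computer that the firewall rule, the WinRM policy and the service preference described above actually applied, here is an added example that is not part of the original post. The function name Test-WinRMPolicy is hypothetical; the registry values checked are the ones this policy and the service startup setting write.

```powershell
# Run elevated on a computer in the linked OU after `gpupdate /force` and a reboot.
function Test-WinRMPolicy {
    $findings = @()

    # 1. Service preference: Automatic (Delayed Start), started.
    $svc = Get-Service -Name WinRM
    $delayed = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\WinRM' `
        -ErrorAction SilentlyContinue).DelayedAutostart
    if ($svc.StartType -ne 'Automatic') { $findings += "Start type is $($svc.StartType), expected Automatic" }
    if ($delayed -ne 1)                 { $findings += 'Delayed start is not set' }
    if ($svc.Status -ne 'Running')      { $findings += "Service is $($svc.Status), expected Running" }

    # 2. "Allow remote server management through WinRM" writes these policy values.
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service' `
        -ErrorAction SilentlyContinue
    if ($null -eq $pol -or $pol.AllowAutoConfig -ne 1) {
        $findings += 'WinRM service policy not applied (AllowAutoConfig is not 1)'
    }
    foreach ($name in 'IPv4Filter', 'IPv6Filter') {
        if ($pol.$name -eq '*') { $findings += "$name is '*' (no address restriction)" }
    }

    # 3. Firewall: rules delivered by GPO show up in the active store.
    $rules = @(Get-NetFirewallRule -PolicyStore ActiveStore `
            -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
    if ($rules.Count -eq 0) { $findings += 'No enabled inbound allow rule for Windows Remote Management' }
    foreach ($r in $rules) {
        # The post unchecks Public; flag any rule that still covers it.
        if ("$($r.Profile)" -match 'Public|Any') {
            $findings += "Rule '$($r.DisplayName)' applies to profile: $($r.Profile)"
        }
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        StartType  = $svc.StartType
        Status     = $svc.Status
        IPv4Filter = $pol.IPv4Filter
        Rules      = $rules.Count
        Findings   = $findings
    }
}

Test-WinRMPolicy | Format-List
```

An empty Findings list means all three settings are in place; from the management workstation, Test-WSMan -ComputerName followed by the computer's name then confirms the listener answers over the network.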
