Windows Remote Management Service
The Windows Remote Management service allows you to execute commands on a remote
computer, either from the command prompt using WinRS or from Windows PowerShell.
Before
you can use WinRS or Windows PowerShell for remote management tasks, it is
necessary
to configure the target computer using the WinRM command. To configure the
Lesson 2: Windows 7 Remote Management CHAPTER 7 409
target computer, you must run the command WinRM quickconfig from an elevated command
prompt. Executing WinRM quickconfig does the following:
n Starts the WinRM service
n Configures the WinRM service startup type to delayed automatic start
n Configures the LocalAccountTokenFilterPolicy to grant administrative rights remotely
to local users
n Configures the WinRM listener on
http://* to accept WS-Man requests
n Configures the WinRM firewall exception
If you are attempting to manage a computer remotely that is not a member of the same
AD DS domain as the management computer, you may need to configure the management
computer to trust the remote computer. This is necessary only when you do not use
Hypertext Protocol Secure (HTTPS) or Kerberos to authenticate the remote computer’s
identity. You need to configure this trust because of the bidirectional nature of remote
management traffic and the fact that authentication credentials will be forwarded to the
remote computer. You can configure this trust using the following command:
winrm set winrm/config/client @{TrustedHosts=”remote computer name or IP address”}
It is also possible to configure Windows Remote Management through Group Policy.
The relevant policies are located in the Computer Configuration\Administrative Templates\
Windows Components\Windows Remote Management node and are split between WinRM
Client and WinRM Service policies. These policies relate to authentication settings and
TrustedHosts.