Users Guide
2. Remove all the WS-Man listeners to add the new HTTPS listener:
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
3. Add your WS-Man HTTPS listener:
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -
CertificateThumbPrint $Cert.Thumbprint –Force
NOTE: Use the $Cert variable that you defined earlier to read the Thumbprint. This variable allows the New-Item
cmdlet to locate the certificate in your certificates store.
4. Add the firewall rule:
New-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)" -Name "Windows
Remote Management (HTTPS-In)" -Profile Any -LocalPort 5986 -Protocol TCP
5. Verify settings by running the following:
C:\Windows\system32>winrm g winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = true
CertificateThumbprint = 02554D694FD06BB3C765E5868EFB59B7D786ED67
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
70
Discovering devices for monitoring or management