Windows Remote Management Service

Windows Remote Management service allows you to execute commands on a remote computer, either from the command prompt using WinRS or from Windows PowerShell. However, you need to configure the remote computer before performing any remote management tasks!

To configure the target computer, you must run the command WinRM quickconfig from an elevated command prompt. Managing a remote computer in a non-AD (Active Directory) DS (Directory Service) environment requires you to configure the local computer to trust the remote computer. You can configure this trust by typing:

winrm set winrm/config/client @{TrustedHosts=”remote computer’s IP address or name”}

The above is not necessary if you use the HTTPS (HyperText Protocol Secure) or Kerberos to authenticate the remote’s computer identity. In a domain environment you can configure Windows Remote Management through the Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management node of Group Polices.

When you execute WinRM quickconfig the following happens:

  • The WinRM service starts
  • The WinRM service startup type is set to delayed automatic start
  • The LocalAccountTokenFilterPolicy grants remote administrative rights to local users
  • The WinRM listener on http://* is configured to accept WS-Man requests
  • A WinRM firewall exception is set

You can use WinRS to execute commands or scripts on a remote computer. The WinRS command requires the fully qualified domain name of the remote computer if it resides on a remote network, that is, not on the same local network. For example, to check IPv4 configuration of a remote computer from an elevated command prompt type:

winrs -r:computer_name command

In addition, you can query remote information using a specific user account such as, displaying information about a remote computer password policy. To perform this action, from a command prompt type:

winrs -r:computer_name -u:user_name net accounts

You are prompted for the password if you do not specify the -p:password option. Additional WinRS options can be configure through the Group Policy in the Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell node.