What is WinRM & How Do You Configure It?

IT pros now have the added responsibilities of having to know how to troubleshoot performance issues in apps and servers that are hosted remotely, in addition to monitoring and managing servers and apps that are hosted locally. This is where tools like Windows Remote Management (WinRM) come handy because it allows you to remotely manage, monitor, and troubleshoot applications and Windows server performance.

                   

WinRM is based on Web Services Management (WS-Management) which uses Simple Object Access Protocol (SOAP) requests to communicate with remote and local hosts, multi-vendor server hardware, operating systems, and applications. If you are predominately using a Windows environment, then WinRM will provide you remote management capabilities to do the following:

  • Communicate with remote hosts using a port that is always open by firewalls and client machines on a network.
  • Quickly start working in a cloud environment and remotely configure WinRM on EC2, Azure, etc. and monitor the performance of apps in such environments.
  • Ensure smoother execution and configuration for monitoring and managing apps and servers hosted remotely.

        

Configuring WinRM

For those who rely on PowerShell scripts to monitor applications running in remote hosts, you will first need to configure WinRM. But, this isn’t as easy as it sounds. This process is error prone, tedious, and time consuming, especially when you have a really large environment. In order to get started, you will need to enable Windows firewall on the server you want to configure WinRM. Here is a link to a blog that explains step-by-step how to configure WinRM on every computer or server. Key steps include:

WinRM.png

           

Alternative: Automate WinRM Configuration

Unfortunately, manual methods can take up too much of your time, especially if you have multiple apps and servers. With automated WinRM configuration, remotely executing PowerShell scripts can be achieved in minutes. SolarWinds Free Tool, Remote Execution Enabler for PowerShell, helps you configure WinRM on all your servers in a few minutes.

  • Configure WinRM on local and remote servers.
  • Bulk configuration across multiple hosts.
  • Automatically generate and distribute certificates for encrypted remote PowerShell execution.

          

Download the free tool here.

            

How do you manage your servers and apps that are hosted remotely? Is it using an automated platform, PowerShell scripts, or manual processes? Whatever the case, drop a line in the comments section.

Anonymous
  • This was answered below but worth mentioning again in case others don't read further down - you can lock it down to only receive from specific IP addresses.

  • It does seem counter intuitive that you have to turn the firewall service on in order to disable the zones of the firewall.  Or you have to turn on the firewall service to allow a remote access application to connect to the local machine. 

  • I personally think the Windows Firewall is one of the worst implementations of a firewall I have ever had to work with so I generally avoid it whenever possible.

    When it comes to remote management of Windows systems there are plenty of agent based applications out there that give you some pretty awesome capabilities; what would be the argument for using WinRM over a 3rd party application suite specifically designed for this type of thing?  If you are needing to do fair amount or more of remote administration it seems like you could pretty easily make a case for purchasing and implementing one of these solutions. 

  • I *think* it's TCP 47001, 5985 (HTTP) and 5986 (HTTPS)

  • What about port assignments ?  For servers on the intranet not as crucial but those in a DMZ, security likes to have ports locked down to as few as possible,