Enabling PowerShell remoting for only a specified set of IP addresses

by ravikanthchaganti on March 10, 2010

I wasn’t so sure about the post title. But read on to understand what I really meant. :)  

When you enable remoting on a computer using the Enable-PSRemoting cmdlet, an HTTP listener is created that listens for remoting requests on all IP addresses on the local computer. This may not be a good security practice in an enterprise.

For example, suppose you have an Internet-facing server with two network connections. One, obviously, is the Internet connection, and the second connects to your internal network. You don’t need remoting to be enabled on the network adapter connected to the Internet. But since you used the Enable-PSRemoting cmdlet, remoting is enabled and there is a WinRM listener on the Internet-facing network too.

So, how do we disable remoting on the Internet facing adapter? 

Enable-PSRemoting is a comprehensive cmdlet that does a lot of things for you in one shot. It is also the recommended way to enable remoting. So, if you need to disable remoting on a particular IP address, all you need to do is remove the WinRM listener created by the Enable-PSRemoting cmdlet and re-create your own listener for a specified IP address.

We use the Remove-WSManInstance and New-WSManInstance cmdlets to do this. You can also use the winrm command-line tool to achieve this. It is just a preference.

To remove the HTTP listener created by Enable-PSRemoting:

Remove-WSManInstance winrm/config/Listener -SelectorSet @{Address="*";Transport="http"}

This will remove the listener. 

Now, to re-create the HTTP listener on a specified IP address:

New-WSManInstance winrm/config/Listener -SelectorSet @{Address="IP:192.168.100.2";Transport="http"}

Once this listener is created successfully, you need to restart the WinRM service using the Restart-Service cmdlet. From this point onwards, the system will listen only on the 192.168.100.2 IP address for remoting requests.

You can follow the same approach for the HTTPS transport too. However, you will have to specify the CertificateThumbprint.
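
The steps above combined into one script, as an added example that is not from the original post: it checks that the address is assigned to a local adapter before touching the listeners, then confirms after the restart that no other HTTP listener remains. $InternalIP reuses the post's sample address; the variable names are this example's own, and it assumes an elevated local console rather than the remoting session being reconfigured.

```powershell
# Added example (not from the original post): restrict the WinRM HTTP listener
# to one IP address and verify the result.
$InternalIP  = '192.168.100.2'          # sample address from the post; substitute your own
$ListenerUri = 'winrm/config/Listener'

# 1. Stop early if the address is not assigned to any local adapter, so the
#    wildcard listener is not removed in favour of one that can never bind.
$localIPs = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
    ForEach-Object { $_.GetIPProperties().UnicastAddresses } |
    ForEach-Object { $_.Address.ToString() }
if ($localIPs -notcontains $InternalIP) {
    throw "$InternalIP is not assigned to any adapter on this computer."
}

# 2. Read the HTTP listeners that exist right now.
$http = @(Get-WSManInstance -ResourceURI $ListenerUri -Enumerate |
    Where-Object { $_.Transport -eq 'HTTP' })

# 3. Remove the wildcard listener created by Enable-PSRemoting, if present.
if ($http | Where-Object { $_.Address -eq '*' }) {
    Remove-WSManInstance -ResourceURI $ListenerUri `
        -SelectorSet @{Address = '*'; Transport = 'http'}
}

# 4. Create the IP-specific listener unless it already exists (safe to re-run).
if (-not ($http | Where-Object { $_.Address -eq "IP:$InternalIP" })) {
    New-WSManInstance -ResourceURI $ListenerUri `
        -SelectorSet @{Address = "IP:$InternalIP"; Transport = 'http'} | Out-Null
}

# 5. Restart WinRM so the listener change takes effect.
Restart-Service -Name WinRM

# 6. Show every listener and warn about any HTTP listener other than the intended one.
$after = @(Get-WSManInstance -ResourceURI $ListenerUri -Enumerate)
$after | Select-Object Address, Transport, Port, Enabled, ListeningOn |
    Format-Table -AutoSize

$unexpected = @($after | Where-Object {
    $_.Transport -eq 'HTTP' -and $_.Address -ne "IP:$InternalIP"
})
if ($unexpected.Count -gt 0) {
    Write-Warning ("Unexpected HTTP listener(s): " +
        (($unexpected | ForEach-Object { $_.Address }) -join ', '))
}
```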

Disclaimer: This is just one workaround I found. From my experience – in PowerShell — there will be more than one way to do the same thing. There could be a better / simple way to achieve this. Do let me know if you have a better / simpler method. I will post it here.


jribeauv May 28, 2010 at 6:10 pm

Hi,

I’m trying to get an instance from Hyper-V.
I’m able to get it by using a PowerShell script such as:

gwmi -namespace "root\virtualization" -class "Msvm_SystemBIOS" -computername "10.10.11.107"

Now I want to do the same thing by using the WSMan interface:

1) I’m able to get data from the root/cimv2 namespace:

Get-WSManInstance -Enumerate wmicimv2/* -filter "select * from win32_BIOS" -computername "tutu"

2) I’m not able to find what I must specify as the namespace after the Enumerate option to access the root\virtualization namespace.

Did you already check this kind of thing?
Any idea where to find info?

Thx

Regards,

jribeauv
