PowerShell, Remoting, Scripting

Enabling PowerShell remoting for only a specified set of IP addresses

I’ve published a free book on PowerShell 2.0 remoting.

I wasn’t so sure about the post title. But read on to understand what I really meant. 🙂

When you enable remoting on a computer using the Enable-PSRemoting cmdlet, an HTTP listener is created that listens for remoting requests on all IP addresses on the local computer. This may not be a great security practice in an enterprise.

For example, suppose you have an Internet-facing server with two network connections: one is, obviously, the Internet connection, and the second connects to your internal network. You don’t need remoting to be enabled on the network adapter connected to the Internet. But since you used the Enable-PSRemoting cmdlet, remoting is enabled and there is a WinRM listener on the Internet-facing network too.

So, how do we disable remoting on the Internet facing adapter?

Enable-PSRemoting is a comprehensive cmdlet that does a lot of things for you in one shot. This is also the recommended way to enable remoting. So, if you need to disable remoting on a particular IP address, all you need to do is remove the WinRM listener created by the Enable-PSRemoting cmdlet and re-create your own listener for a specified IP address.

We use the Remove-WSManInstance and New-WSManInstance cmdlets to do this. You can also use the winrm command-line tool to achieve this. It is just a preference.

To remove the HTTP listener created by Enable-PSRemoting,

This will remove the listener.

Now, to re-create the HTTP listener on a specified IP address

Once this listener is created successfully, you need to restart the WinRM service using the Restart-Service cmdlet. From this point onwards, the system will listen for remoting requests only on the specified IP address.
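The three steps above as one script. This is an added example, not the post's own code; the function name Set-WinRMListenerAddress and the sample address 192.0.2.10 are assumptions. Run it from a local elevated console, because removing the listener ends any remoting session that depends on it.

```powershell
# Added example: rebind the WinRM HTTP listener to a single local IP address.
function Set-WinRMListenerAddress {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [System.Net.IPAddress] $IPAddress
    )

    # Refuse an address that is not assigned to this computer; otherwise the
    # machine would be left without a usable remoting listener.
    $local = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
        ForEach-Object { $_.GetIPProperties().UnicastAddresses } |
        ForEach-Object { $_.Address.IPAddressToString }
    if ($local -notcontains $IPAddress.IPAddressToString) {
        throw "$IPAddress is not assigned to a local network adapter."
    }

    # Remove every existing HTTP listener, including the Address=* listener
    # that Enable-PSRemoting creates.
    Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate |
        Where-Object { $_.Transport -eq 'HTTP' } |
        ForEach-Object {
            Remove-WSManInstance -ResourceURI winrm/config/Listener `
                -SelectorSet @{ Address = $_.Address; Transport = $_.Transport }
        }

    # Re-create the HTTP listener bound to the chosen address only.
    New-WSManInstance -ResourceURI winrm/config/Listener `
        -SelectorSet @{ Address = "IP:$IPAddress"; Transport = 'HTTP' } | Out-Null

    # The new binding takes effect after the service restarts.
    Restart-Service -Name WinRM

    # Return the resulting configuration so the change can be verified.
    Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate |
        Select-Object Address, Transport, Port, ListeningOn
}

# Usage (192.0.2.10 is a constructed documentation address; substitute the
# IP of the internal adapter):
# Set-WinRMListenerAddress -IPAddress 192.0.2.10
```

The returned ListeningOn value should contain only the address you passed in; any other entry means a listener on another address is still configured.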

You can follow the same approach for HTTPS transport too. However, you will have to specify the CertificateThumbprint.

Disclaimer: This is just one workaround I found. From my experience – in PowerShell — there will be more than one way to do the same thing. There could be a better / simple way to achieve this. Do let me know if you have a better / simpler method. I will post it here.



Ravikanth is a principal engineer and the lead architect for Microsoft and VMware virtualized and hybrid cloud solutions within the Infrastructure Solutions Group at Dell EMC. He is a multi-year recipient of Microsoft Most Valuable Professional (MVP) award in Windows PowerShell (CDM) and Microsoft Azure. Ravikanth is the author of Windows PowerShell Desired State Configuration Revealed (Apress) and leads Bangalore PowerShell and Bangalore IT Pro user groups. He can be seen speaking regularly at local user group events and conferences in India and abroad.