Enabling WinRM by Group Policy
Posted
by SaintNick
on Server Fault
See other posts from Server Fault
or by SaintNick
Published on 2010-06-03T15:11:56Z
Indexed on
2010/06/03
15:15 UTC
Read the original article
Hit count: 563
I'm having partial success enabling WinRM through Active Directory GPO's on our Server 2008 R2 environment.
I've created a GPO that enables "Allow automatic configuration of listeners" and also enables all the necessary predefined WinRM Firewall rules.
This GPO works fine for our webservers. Indeed, this is reflected by the "Server Manager Remote Management" nicely flipping to "enabled" in Server Manager Server Summary.
However, the same GPO applied to both our Management servers, which are Domain Controllers, does not give the same result. I see the GPO settings being applied, including the listener as confirmed by
C:\Windows\system32>winrm e winrm/config/listener
Listener [Source="GPO"]
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 10.32.40.210, 10.32.40.211, 10.32.40.212
But in Server Manager, Server Summary, Remote Management remains on "disabled" and indeed when trying to connect to one of these machines Server Manager gives an "Access Denied".
Manually enabling WinRM locally via Server Manager "Configure Server Manager Remote Management" on either of these machines works fine.
What can be the cause? Can it have something to do with theses machines being DC's and needing extra settings in the GPO?
Nick Reid
© Server Fault or respective owner