Enabling WinRM by Group Policy

Posted by SaintNick on Server Fault
Published on 2010-06-03T15:11:56Z Indexed on 2010/06/03 15:15 UTC

I'm having partial success enabling WinRM through Active Directory GPOs on our Server 2008 R2 environment.

I've created a GPO that enables "Allow automatic configuration of listeners" and also enables all the necessary predefined WinRM Firewall rules.

This GPO works fine for our webservers. Indeed, this is reflected by the "Server Manager Remote Management" nicely flipping to "enabled" in Server Manager Server Summary.

However, the same GPO applied to both our Management servers, which are Domain Controllers, does not give the same result. I see the GPO settings being applied, including the listener, as confirmed by:

C:\Windows\system32>winrm e winrm/config/listener
Listener [Source="GPO"]
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 10.32.40.210, 10.32.40.211, 10.32.40.212

But in Server Manager, Server Summary, Remote Management remains on "disabled" and indeed when trying to connect to one of these machines Server Manager gives an "Access Denied".

Manually enabling WinRM locally via Server Manager "Configure Server Manager Remote Management" on either of these machines works fine.

What can be the cause? Can it have something to do with these machines being DCs and needing extra settings in the GPO?

Nick Reid
