IBM Support

Configuring WinRM for PowerShell

Question & Answer


Question

Configuring WinRM for PowerShell

Answer


Secret Server relies on Microsoft Windows Remote Management (WinRM) components to run PowerShell scripts, which requires configuration on the server where the Secret Server application is installed. By default, Secret Server uses http://localhost:5985/wsman as the WinRM endpoint.
Installation
Make sure that WinRM 2.0 or higher is installed and running by checking the Services manager: open the Control Panel, open Administrative Tools, then open Services.
Note: WinRM 2.0 is installed and configured by default on Windows Server 2008 R2 and higher.  It includes Windows Management Framework 3.0 and does not need to be downloaded separately.
If WinRM is installed, a service named Windows Remote Management (WS-Management) will be present.  Otherwise, download it at:
http://www.microsoft.com/en-us/download/details.aspx?id=34595
Configuration
The Windows Remote Management service must be enabled and configured to start automatically. To configure it to start automatically, run this command from an elevated Command Prompt:
sc config WinRM start= auto
Note: the space after the equal sign is required.

Then start the service once it is set to auto-start:
sc start WinRM
Your WinRM service is now enabled.
Creating a Listener
WinRM must now create a listener for an endpoint connection. To create a default listener, use this command from an Elevated Command Prompt:
winrm create winrm/config/Listener?Address=*+Transport=HTTP
This will create a listener on port 5985.
Verifying Listeners
Use this command from an elevated command prompt to list WinRM endpoints:
winrm e winrm/config/listener
Security Considerations
Creating a WinRM listener will allow remote management over port 5985. We recommend creating a firewall rule that blocks port 5985 unless you intend to use WinRM remotely.
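An added example, not part of the IBM article: a PowerShell script that checks the service, listener and firewall state set up in the steps above, and optionally adds the recommended block rule. The `-BlockRemote` switch and the rule display name are assumptions made for this example; the firewall cmdlets need the NetSecurity module (Windows Server 2012 or later).

```powershell
# Added example: audit the local WinRM setup described in this article.
# Run in an elevated PowerShell session on the Secret Server host.
param(
    [int]$Port = 5985,       # default HTTP listener port from the article
    [switch]$BlockRemote     # hypothetical switch: add the block rule the article recommends
)

# 1. Service state: the article requires start mode Auto and a running service.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinRM'"
if (-not $svc) { throw 'WinRM service not found; install WinRM first.' }
if ($svc.StartMode -ne 'Auto' -or $svc.State -ne 'Running') {
    Write-Warning "WinRM is $($svc.State) with start mode $($svc.StartMode)."
}

# 2. Listeners: same data as 'winrm e winrm/config/listener', returned as objects.
$listeners = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate
$listeners | Select-Object Transport, Address, Port, URLPrefix, Enabled, ListeningOn | Format-List
foreach ($l in $listeners | Where-Object { $_.Transport -eq 'HTTP' -and $_.Address -eq '*' }) {
    Write-Warning "HTTP listener on port $($l.Port) is bound to every address."
}

# 3. Enabled inbound allow rules that open the port to the network.
$allow = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
$allow | Select-Object DisplayName, Profile | Format-Table -AutoSize

# 4. Optionally add a block rule; in Windows Firewall a block rule overrides allow rules.
if ($BlockRemote) {
    New-NetFirewallRule -DisplayName "Block inbound WinRM HTTP $Port" `
        -Direction Inbound -Protocol TCP -LocalPort $Port -Action Block | Out-Null
}

# 5. Confirm the local endpoint that Secret Server uses still answers.
Test-WSMan -ComputerName localhost -Port $Port
```

Run it once without `-BlockRemote` to review the listener bindings and the allow rules before changing the firewall.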
Advanced Configuration of WinRM
WinRM allows for remote management of Windows Server. Your environment may already be configured for WinRM. If your server is already configured for WinRM but isn’t using the default configuration, you can change the URI that Secret Server uses to connect to localhost.
For example, if your URL prefix is not the default wsman, or WinRM is running on a custom port, you can change the URI in Secret Server to:
http://localhost:<port>/
At the moment we only support running PowerShell scripts on the localhost.


Document Information

Modified date:
17 June 2018

UID

swg22016914