PowerShell Remoting for Non-Domain Workstation

You are here:
← All Topics

Tutorial on how to enable PowerShell Remoting for Non-Domain Workstation

PowerShell Remoting uses Windows Remote Management (WinRM), which is the Microsoft implementation of the Web Services for Management (WS-Management) protocol, to allow users to run PowerShell commands on remote computers

Windows Remote Management (WinRM) , is a Windows-native built-in remote management protocol in its simplest form that uses Simple Object Access Protocol to interface with remote computers and servers

WinRM is listening on 5985 (HTTP) and 5986 (HTTPS)

PowerShell Remoting from Domain Workstation

PowerShell remoting is enabled by default on Windows Server platforms, and you can access to Remote Server with Enter-PSSession

Enter-PSSession -Computername AVENTIS-AD01
[AVENTIS-AD01]: PS C:\Users\Administrator\Documents> hostname

Verify the PowerShell Remoting is established with Get-NetTCPConnection

Get-NetTCPConnection |? RemotePort -eq "5985"

LocalAddress                        LocalPort RemoteAddress                       RemotePort State       AppliedSetting
------------                        --------- -------------                       ---------- -----       --------------                       50674                       5985       Established Datacenter                       50672                       5985       TimeWait

PowerShell Remoting for Non-Domain Workstation

PowerShell Remoting from Non-Domain workstation will failed even with the correct credential due to the security design from Window Server

Enter-PSSession -ComputerName -Credential (Get-Credential)

PowerShell credential request
Enter your credentials.
User: lab\mydcadmin
Password for user lab\mydcadmin: ************

Enter-PSSession: Connecting to remote server failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.

Enable WinRM via HTTPS

Enable WinRM via HTTPS with Microsoft Certificate Authority (CA) to allow PowerShell Remoting from Non-Domain workstation follow the steps below

  1. Generate a Server Certificate with the FQDN of Server by following Request SSL Certificate from Microsoft CA with Certreq

  2. Create a new WinRM listener with HTTPS with the Certificate Thumbprint

PS C:\Temp> New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint A7DCA3E1A452388890A97513230CCF2D11D729C7 -Force

   WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Listener

Type            Keys                                Name
----            ----                                ----
Container       {Transport=HTTPS, Address=*}        Listener_1305953032
  1. Windows Firewall Rule to allow inbound TCP 5986
New-NetFirewallRule -DisplayName "In-TCP-5986" -Description "WinRM-HTTPS" -Direction Inbound -Protocol TCP -LocalPort 5986 -RemoteAddress -Action Allow
  1. Export the CA Root Certificate from Microsoft CA Server to C:\Temp\AVENTISLAB-ROOT.cer
certutil -ca.cert C:\temp\AVENTISLAB-ROOT.cer
CA cert[0]: 3 -- Valid
CA cert[0]:


CertUtil: -ca.cert command completed successfully.
  1. Copy the AVENTISLAB-ROOT.cer to the workstation and import it to Certificate – Local Computer – Trusted Root Certificate Authorities
Import-certificate -FilePath C:\temp\AVENTISLAB-ROOT.cer -CertStoreLocation Cert:\LocalMachine\AuthRoot\

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\AuthRoot

Thumbprint                                Subject              EnhancedKeyUsageList
----------                                -------              --------------------
A85CD7DA6159CEF6315BA6FD4FC6FDC134D7DFBF  CN=AventisLab Root …
  1. Add the FQDN of the server to local host file if required and ensure that you can ping the FQDN of the server which you would like to Remote to

  2. You should be able to connect to Remote Server with PowerShell Remoting now

-SkipRevocationCheck is used to skip the Revocation check to prevent the error message below

The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.

$Username = "lab\mydcadmin"
$Password = ConvertTo-SecureString '[email protected][email protected]#$' –asplaintext –force 
$Credential = new-object -typename System.Management.Automation.PSCredential -ArgumentList $UserName,$Password
$SessionOption = New-PSSessionOption -SkipRevocationCheck
$Server = ""

Enter-PSSession -ComputerName $Server -UseSSL -Credential $Credential -SessionOption $SessionOption
[]: PS C:\Users\administrator.LAB\Documents> 

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top