Powershell Remoting

Joe Workman edited this page Jun 26, 2024 · 30 revisions

PowerShell Remoting is a feature of PowerShell that allows PowerShell commands to be run on remote machines. By default it is enabled on server operating systems but not on workstations.

Windows Group Policy can be used to enable PowerShell remoting by creating a GPO like the following:

Microsoft Domain GPO:

Create a new GPO targeting the OU that contains the systems to be migrated.

After configuration, this GPO will enable WinRM and add a firewall exception to allow the WinRM traffic from the host system initiating the advanced deployment scripts.

Edit the GPO with the following settings:

  • Allow remote server management through WinRM
  • WinRM (WS-Management) service set to automatic startup
  • Firewall rule for Windows Remote Management on domain network profile locked down from Domain Controllers IP

Computer Configuration > Administrative Tools > Windows Components > Windows Remote Management (WinRM) > WinRM Service > Allow remote server management through WinRM

Configure the IPv4 filter to * to allow the WinRM listener to respond to requests.

Computer Configuration > Policies > Windows Settings > Security Settings > System Services

Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security

Add an additional firewall rule scope so that the WinRM rule applies only to the server's IP.

Verify that the GPO has been pushed to the workstation using the gpresult command:

gpresult /r /scope:computer

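Beyond gpresult, the three settings can be checked directly on a target machine. The PowerShell below is an added example, not part of the original wiki page or the project's scripts; the allowed source address 192.0.2.10 is a constructed placeholder, and the check assumes the default WinRM HTTP port (TCP 5985).

```powershell
# Added example: audit the WinRM GPO settings on a target machine (run elevated).
# $AllowedSource is a constructed placeholder for the deployment host's IP.
param([string[]]$AllowedSource = @('192.0.2.10'))

$findings = [System.Collections.Generic.List[string]]::new()

# 1. "Allow remote server management through WinRM" is stored under this policy key.
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service' -ErrorAction SilentlyContinue
if (-not $policy -or $policy.AllowAutoConfig -ne 1) {
    $findings.Add('WinRM policy (AllowAutoConfig) is not applied')
} else {
    Write-Host "IPv4 filter from policy: $($policy.IPv4Filter)"
}

# 2. The WinRM service should be running and set to automatic startup.
$svc = Get-Service -Name WinRM
if ($svc.StartType -ne 'Automatic') { $findings.Add("WinRM start type is $($svc.StartType)") }
if ($svc.Status -ne 'Running')      { $findings.Add("WinRM service is $($svc.Status)") }

# 3. Enabled inbound allow rules for TCP 5985 must be scoped to the allowed source.
#    A RemoteAddress of 'Any', or any address not in $AllowedSource, is reported for review.
$rules = Get-NetFirewallPortFilter -PolicyStore ActiveStore |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '5985' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
if (-not $rules) { $findings.Add('No enabled inbound allow rule for TCP 5985') }
foreach ($rule in $rules) {
    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    $extra  = $remote | Where-Object { $_ -notin $AllowedSource }
    if ($extra) { $findings.Add("Rule '$($rule.DisplayName)' also allows: $($extra -join ', ')") }
}

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'WinRM GPO settings match the expected configuration.' }
```

Because the IPv4 filter is set to `*`, the firewall scope is the only control limiting which hosts can reach the listener, so a rule reported as allowing `Any` means the scope restriction did not take effect.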