GPO: Enable-PSRemoting Over HTTPS

Description:

This script will be similar to my regular allow PS remoting script, but this is for environments that want HTTPS remoting.

To Resolve:

1a. First, go to the domain’s PDC and edit the GPO’s firewall rule:

Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security
Inbound Rules – Allow 5986 – specify IP addresses

2. Turn on logging:

Computer Configuration\Policies\Windows Settings\Security Settings\Administrative Templates\Windows Components\Windows PowerShell\
Turn on Module Logging
Turn on PowerShell Script Block Logging
Turn on Script Execution – Allow local scripts and remote signed scripts

3. Allow remote access:

Computer Configuration\Policies\Windows Settings\Security Settings\Administrative Templates\Windows Components\Windows Remote Shell
Allow Remote Shell Access – Enabled

4. Finally, set the service to start up automatically:

Computer Configuration\Preferences\Control Panel\Services\
WinRM – Set to automatic startup

Done! Wait, where is the listener? Unfortunately, you have to set that up yourself. Fortunately, this is easy to script! Here is the script I ran to remove our regular HTTP remoting and then create an HTTPS listener by binding to a cert that was issued by a third-party CA:

NOTE: Ensure that computer objects can write to the share \\fileserver for the logging. Also $cert[-1] is used to grab the last cert in case the $cert object returns more than one.
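
An added example of such a listener script (not the author's original): it selects a server-authentication certificate whose SAN matches the host, binds the HTTPS listener before removing HTTP so a failure does not cut off remoting, and logs to the share. The share name `WinRM-Logs` and the helper names `Write-Log` and `Get-Listener` are assumptions, and an exact (non-wildcard) SAN match is assumed.

```powershell
#Requires -RunAsAdministrator
# Added example (not the original post's script). Run as a startup script or scheduled task.
param(
    # Hypothetical share name; computer accounts need write access to it.
    [string]$LogDir = '\\fileserver\WinRM-Logs'
)
$ErrorActionPreference = 'Stop'
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$log  = Join-Path $LogDir "$env:COMPUTERNAME.log"

function Write-Log([string]$Message) {
    Add-Content -Path $log -Value ('{0:s} {1}' -f (Get-Date), $Message)
}
function Get-Listener([string]$Transport) {
    Get-ChildItem WSMan:\localhost\Listener | Where-Object { $_.Keys -contains "Transport=$Transport" }
}

try {
    Start-Service WinRM   # no-op if already running

    # Usable certs: private key, inside validity period, Server Authentication EKU, SAN matches this host.
    $now  = Get-Date
    $cert = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1' -and
        $_.DnsNameList.Unicode -contains $fqdn
    } | Sort-Object NotAfter)
    if ($cert.Count -eq 0) { throw "No valid server-auth certificate for $fqdn in LocalMachine\My" }
    $thumb = $cert[-1].Thumbprint   # several matches: take the one that expires last

    # Create or rebind the HTTPS listener first, so a failure leaves HTTP remoting in place.
    $bound = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
        Where-Object { $_.Transport -eq 'HTTPS' -and ($_.CertificateThumbprint -replace '\s') -eq $thumb }
    if (-not $bound) {
        Get-Listener 'HTTPS' | Remove-Item -Recurse -Force
        New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
            -CertificateThumbPrint $thumb -Force | Out-Null
        Write-Log "HTTPS listener bound to $thumb (expires $($cert[-1].NotAfter.ToString('s')))"
    }

    # Only now drop plain-HTTP listeners (default port 5985).
    $http = @(Get-Listener 'HTTP')
    if ($http.Count -gt 0) {
        $http | Remove-Item -Recurse -Force
        Write-Log "Removed $($http.Count) HTTP listener(s)"
    }
}
catch {
    Write-Log "FAILED: $($_.Exception.Message)"
    throw
}
```

The script is idempotent: a second run with the same certificate in place changes nothing and writes no log line.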