Shortcuts and helpers for WinRM - Windows Remote Management
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
WinRM-Tools Change self-signed certificate expiry to be 1 year (previously 90 day… Jun 12, 2013
.gitignore Remove an emacs backup file, and set .gitignore to stop this happenin… Feb 25, 2012
LICENSE Initial commit Feb 25, 2012
NOTICE Update now that the scripts no longer require Amazon EC2 to… Apr 25, 2012
enable-winrm.ps1 Initial commit Feb 25, 2012

Important note about the license

Original parts of this project are licensed under the Apache License 2.0.

Unfortunately, portions of the project are based on content from Microsoft's TechNet and MSDN websites, and downloads from these sites are licensed under the Microsoft Limited Public License ("MS-LPL"). This affects the following files:

  • WinRM-Tools/selfsignedcert.ps1
  • WinRM-Tools/firewallrule.ps1

The MS-LPL is included in the affected files.

This situation is less than ideal and I intend to remove these files, once a suitable replacement is available. I welcome links to equivalents under a more appropriate license, or volunteers to help with a clean room rewrite.


This project is intended to ease the process of enabling Windows Remote Management ("WinRM"). On an out-of-the-box install of Windows Server 2008 R2, WinRM is not enabled or installed by default. Installing it, and enabling it on an SSL-secured port, takes many manual steps; this project is intended to automate this as much as possible, reducing it to a one-liner.

Currently, the aim of the project is to assist in modifying a vanilla Windows Server 2008 R2, configuring it to allow the "overthere" project to connect to the WinRM port in a reasonably secure manner. While it's not exclusively limited to this kind of setup, at the moment the scripts do make assumptions to that end.


When running on Windows Server 2008 R2, you can start a Command Prompt and execute this one-liner:

PowerShell -Command "Set-ExecutionPolicy RemoteSigned ; (new-object System.Net.WebClient).DownloadFile(\"\", \"enable-winrm.ps1\") ; ./enable-winrm.ps1 -HostnameFromDNS"

This will configure WinRM for you. Part of this involves creating an SSL certificate; the -HostnameFromDNS argument will use the system's DNS name. You can instead replace this parameter with a string of the hostname to use for the SSL certificate.

Amazon EC2

Boot up an Amazon EC2 instance based on the Amazon-provided Windows Server 2008 R2 images. Log in using Remote Desktop as Administrator, and open a Command Prompt window. Copy-and-paste this one-liner to bootstrap the WinRM-Tools module, and activate WinRM:

PowerShell -Command "Set-ExecutionPolicy RemoteSigned ; (new-object System.Net.WebClient).DownloadFile(\"\", \"enable-winrm.ps1\") ; ./enable-winrm.ps1 -HostnameFromEC2"

Re-seal the EC2 image:

"\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe" -sysprep

Wait for SysPrep to run, and shut down the instance. Now create a new AMI from the stopped instance.

Your new AMI will be configured with WinRM enabled on port 5986, using HTTPS.