none
Starting enable-psremoting on windows 7 machines on domain RRS feed

  • Question

  • UPDATE: Tried to connect to affected machines using RDP, and it gets a certificate issue. Accepts that from my machine, and I can now do things remotely. 

    Hi, 

    I have looked at lots of articles and can't get a solution which works.

    I have a number of windows 7 computers on the domain here. I am a member of a group, which is in the administrators group, I have checked the firewall and added the rule to allow remote management, I have checked the language. My domain account has a password.  The winrm service is running.  Also checked to see what network category is on that machine - domainauthenticated. MpsSvc (firewall) is running.

    And yet when I try to enable-psremoting I get: Access Denied - see below.

    This is not just 1 windows 7 machine - I have tried 3. Is there anything else which I could check please? Res-00444 is one of the machines, and this was connected to from an elevated powershell window. 

    [res-00444]: PS C:\Users\christine.rutter\Documents> Enable-PSRemoting

    WinRM Quick Configuration
    Running command "Set-WSManQuickConfig" to enable this machine for remote management through WinRM service.
     This includes:
        1. Starting or restarting (if already started) the WinRM service
        2. Setting the WinRM service type to auto start
        3. Creating a listener to accept requests on any IP address
        4. Enabling firewall exception for WS-Management traffic (for http only).

    Do you want to continue?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): Y
    WinRM already is set up to receive requests on this machine.
    Access is denied.
        + CategoryInfo          :
        + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.SetWSManQuickConfigCommand

    ran the following from an elevated cmd prompt. Anything in there help?

    C:\Windows\system32>winrm get winrm/config -r:res-00444
    Config
        MaxEnvelopeSizekb = 150
        MaxTimeoutms = 60000
        MaxBatchItems = 32000
        MaxProviderRequests = 4294967295
        Client
            NetworkDelayms = 5000
            URLPrefix = wsman
            AllowUnencrypted = false
            Auth
                Basic = true
                Digest = true
                Kerberos = true
                Negotiate = true
                Certificate = true
                CredSSP = false
            DefaultPorts
                HTTP = 5985
                HTTPS = 5986
            TrustedHosts
        Service
            RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
            MaxConcurrentOperations = 4294967295
            MaxConcurrentOperationsPerUser = 15
            EnumerationTimeoutms = 60000
            MaxConnections = 25
            MaxPacketRetrievalTimeSeconds = 120
            AllowUnencrypted = false
            Auth
                Basic = false
                Kerberos = true
                Negotiate = true
                Certificate = false
                CredSSP = false
                CbtHardeningLevel = Relaxed
            DefaultPorts
                HTTP = 5985
                HTTPS = 5986
            IPv4Filter = *
            IPv6Filter = *
            EnableCompatibilityHttpListener = false
            EnableCompatibilityHttpsListener = false
            CertificateThumbprint
        Winrs
            AllowRemoteShellAccess = true
            IdleTimeout = 180000
            MaxConcurrentUsers = 5
            MaxShellRunTime = 2147483647
            MaxProcessesPerShell = 15
            MaxMemoryPerShellMB = 150
            MaxShellsPerUser = 5

    There are some numbers in here which are different on windows 10 to windows 7.

    Using pssession on remote win 10 machine 

    [con-00851]: PS C:\Windows\system32> get-item wsman:\localhost\service\rootsddl
       WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Service
    Type            Name                           SourceOfValue   Value
    ----            ----                           -------------   -----
    System.String   RootSDDL                                       O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)...

    doing the same on the win 7 machine

    [res-00444]: PS C:\get-item wsman:\localhost\service\rootsddl
    Get-Item : Cannot find path 'WSMan:\localhost\Service\rootsddl' because it does not exist.
        + CategoryInfo          : ObjectNotFound: (WSMan:\localhost\Service\rootsddl:String) [Get-Item], ItemNotFoundExcep
       tion
        + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetItemCommand



    Thursday, January 18, 2018 9:25 AM

All replies

  • Have you tried testing?

    Test-WsMan computername


    \_(ツ)_/

    Thursday, January 18, 2018 3:19 PM
  • Yes, get access denied, unless I have RDPd to the machine, and accepted it's out of date certificate - bit of a pain, but at least I know what is causing it - can't solve that one though - hey ho
    Thursday, January 18, 2018 3:21 PM