Enabling PowerShell Remoting with NTLM

by Jan 25, 2016

By default, PowerShell remoting uses Kerberos authentication and works only in domain environments, and only when you specify computer names, not IP addresses.

To use PowerShell remoting in other scenarios such as peer-to-peer networks at home or in labs, you need to configure a TrustedHosts list on the client side. In previous versions of PowerShell, PowerShell remoting needed to be enabled on the client to make this adjustment. In PowerShell 5.0, only the WinRM service is required. Start a PowerShell with Administrator privileges, and make sure the WinRM service is running:

  
PS C:\> Start-Service -Name WinRM

Next, take a look at these lines:

Set-Item wsman:\localhost\client\trustedhosts server_* -Force
Set-Item wsman:\localhost\client\trustedhosts 10.10.10.* -Force -Concatenate
Set-Item wsman:\localhost\client\trustedhosts 192.168.2.110 -Force -Concatenate

Get-ChildItem wsman:\localhost\client

They illustrate how you configure the TrustedHosts list to allow NTLM authentication with various targets. In the example, you would now be able to connect to any machine name that starts with “server_”, plus all IP addresses that start with “10.10.10.”, plus the IP address 192.168.2.110.

When you do connect to any of these systems, for example using Enter-PSSession, make sure you also explicitly specify the user account with -Credential. Transparent authentication is supported for Kerberos only in a domain environment.

 

Throughout this month, we’d like to point you to three awesome community-driven global PowerShell events taking place this year:

Europe: April 20-22: 3-day PowerShell Conference EU in Hannover, Germany, with more than 30+ speakers including Jeffrey Snover and Bruce Payette, and 60+ sessions: www.psconf.eu.

Asia: October 21-22: 2-day PowerShell Conference Asia in Singapore. Watch latest announcements at www.psconf.asia

North America: April 4-6: 3-day PowerShell and DevOps Global Summit in Bellevue, WA, USA with 20+ speakers including many PowerShell Team members: https://eventloom.com/event/home/PSNA16

All events have limited seats available so you may want to register early.

Twitter This Tip! ReTweet this Tip!