Using PowerShell Remoting without Domain

by Oct 20, 2014

PowerShell 3 and later

By default, when you enable PowerShell remoting via Enable-PSRemoting, then only Kerberos authentication is enabled. This requires both computers to be in the same domain (or trusted domains), and it only works when you specify computer names (possibly including domain suffixes). It will not work across domains, outside domains, or with IP addresses.

To make this work, you need to make one change on the computer that initiates the remoting. In a PowerShell console with Administrator privileges, enter this:

 
PS> Set-Item WSMan:\localhost\Client\TrustedHosts -Value * -Force 
    

If that path is not available, you may have to first (temporarily) enable PowerShell remoting on that machine (using Enable-PSRemoting –SkipNetworkProfileCheck –Force).

Once you made the change, you now can authenticate using NTLM, too. Just remember that now, with domain-joined computers, you need to always submit the –Credential parameter and specify a username and enter a password.

Twitter This Tip! ReTweet this Tip!