How to Use PowerShell Remoting on Windows Server

PowerShell remoting lets you run commands on remote Windows Servers without needing a full Remote Desktop session. It is faster, scriptable, and works even on Server Core installations with no GUI. WinRM (Windows Remote Management) is the underlying protocol that makes this possible. This guide covers how to enable and use PowerShell remoting on Windows Server.

Enable PowerShell Remoting

On the server you want to manage remotely, run the following in an elevated PowerShell window:

Enable-PSRemoting -Force

This command:

  • Starts and configures the WinRM service
  • Sets WinRM to start automatically
  • Creates a firewall rule allowing inbound WinRM traffic (TCP port 5985 for HTTP, 5986 for HTTPS)
  • Configures a default session configuration (endpoint) that remote connections use

On domain-joined servers this is all that is typically needed. On workgroup servers, additional trusted hosts configuration is required (see below).

Check WinRM Status

# Check if WinRM is running
Get-Service WinRM

# Test if WinRM is accessible on a remote server
Test-WSMan -ComputerName SERVERNAME

# Check WinRM configuration
winrm get winrm/config

Connect to a Remote Server (Enter-PSSession)

Enter-PSSession opens an interactive remote PowerShell session — like SSH but for Windows:

# Connect using current credentials
Enter-PSSession -ComputerName SERVERNAME

# Connect with different credentials
Enter-PSSession -ComputerName SERVERNAME -Credential (Get-Credential)

# Connect using IP address (requires TrustedHosts config — see below)
Enter-PSSession -ComputerName 192.168.1.50 -Credential SERVERNAME\Administrator

Your prompt changes to [SERVERNAME]: PS C:\Users\...> to indicate you are in the remote session. Type exit to return to your local session.

Run Commands on a Remote Server (Invoke-Command)

Invoke-Command runs commands on one or more remote servers and returns the results — without opening an interactive session:

# Run a single command
Invoke-Command -ComputerName SERVERNAME -ScriptBlock { Get-Service | Where-Object {$_.Status -ne 'Running'} }

# Run on multiple servers at once
Invoke-Command -ComputerName SERVER1,SERVER2,SERVER3 -ScriptBlock { hostname; Get-Date }

# Run a local script file on a remote server
Invoke-Command -ComputerName SERVERNAME -FilePath C:\Scripts\healthcheck.ps1

# Pass variables to the remote session
$threshold = 20
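Invoke-Command -ComputerName SERVERNAME -ScriptBlock {
    param($t)
    # List drives with less than $t percent free; skip drives that report no capacity (avoids dividing by zero)
    Get-PSDrive -PSProvider FileSystem | Where-Object { ($_.Used + $_.Free) -gt 0 -and [math]::Round($_.Free/($_.Used+$_.Free)*100) -lt $t }
} -ArgumentList $threshold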

Run Commands on All Servers in an OU

# Get all computer names from an OU and run a command on all of them
$servers = (Get-ADComputer -Filter * -SearchBase "OU=Servers,DC=contoso,DC=local").Name
Invoke-Command -ComputerName $servers -ScriptBlock { 
    [PSCustomObject]@{
        Server  = $env:COMPUTERNAME
        Uptime  = ((Get-Date) - (Get-CimInstance Win32_OperatingSystem).LastBootUpTime).Days
        FreeGB  = [math]::Round((Get-PSDrive C).Free/1GB,1)
    }
} | Format-Table -AutoSize

This kind of bulk query — checking uptime and disk space across 50 servers at once — takes seconds with PowerShell remoting and would take hours manually.

Configure TrustedHosts for Workgroup Environments

On non-domain networks, WinRM uses HTTPS or TrustedHosts for authentication. To connect to a server not in the same domain:

# On your management PC, set TrustedHosts to the remote server (this replaces any existing list)
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "192.168.1.50" -Force

# Set multiple servers in one call; to append to the existing list instead, add -Concatenate
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "SERVER1,SERVER2,192.168.1.50" -Force

# Allow all (use with caution — only in isolated lab environments)
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force
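
The helper below is an added example, not part of the original article: it appends hosts to TrustedHosts instead of overwriting the list, and it refuses wildcard entries. The function name Add-TrustedHost is hypothetical and the host values are constructed. Hosts in TrustedHosts are connected to without the client verifying the server's identity, so the list should stay short and explicit.

```powershell
# Added example (hypothetical helper). Run in an elevated session on the management PC.
function Add-TrustedHost {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    $path = 'WSMan:\localhost\Client\TrustedHosts'

    # A wildcard entry switches off the server identity check for every matching host.
    $wildcards = @($ComputerName | Where-Object { $_.Contains('*') })
    if ($wildcards.Count -gt 0) {
        throw "Wildcard entries are not accepted: $($wildcards -join ', ')"
    }

    # TrustedHosts is stored as one comma-separated string (empty when unset).
    $current = @((Get-Item -Path $path).Value -split ',' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })

    if ($current -contains '*') {
        Write-Warning "TrustedHosts is '*': every host is already trusted. Narrow it before adding entries."
        return $current
    }

    # Merge with the existing entries; Sort-Object -Unique compares case-insensitively.
    $merged = @($current + $ComputerName | Sort-Object -Unique)

    if ($PSCmdlet.ShouldProcess($path, "Set value to '$($merged -join ',')'")) {
        Set-Item -Path $path -Value ($merged -join ',') -Force
    }
    $merged
}

# Constructed sample values; -WhatIf previews the resulting list without changing it.
Add-TrustedHost -ComputerName '192.168.1.50', 'SERVER1' -WhatIf
```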

WinRM Over HTTPS (Secure Remoting)

By default, WinRM uses HTTP (port 5985) with Kerberos authentication on domain networks — the traffic is encrypted at the authentication layer but not the session layer. For cross-domain or internet-facing remoting, use HTTPS (port 5986) with a certificate:

# Create a self-signed certificate and configure HTTPS listener
$cert = New-SelfSignedCertificate -DnsName "SERVERNAME" -CertStoreLocation Cert:\LocalMachine\My
New-WSManInstance WinRM/Config/Listener -SelectorSet @{Address="*";Transport="HTTPS"} -ValueSet @{Hostname="SERVERNAME";CertificateThumbprint=$cert.Thumbprint}
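# Windows has no predefined inbound rule for port 5986, so create one
New-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)" -Direction Inbound -Protocol TCP -LocalPort 5986 -Action Allow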
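
The following is an added example, not from the original article: a check that the HTTPS listener is bound to a usable certificate, followed by the client-side steps for trusting a self-signed certificate and connecting with -UseSSL. The function name Test-WinRMHttpsListener and the C:\Temp path are assumptions.

```powershell
# Added example (hypothetical helper). Run on the server in an elevated session.
function Test-WinRMHttpsListener {
    param([string]$ExpectedName = $env:COMPUTERNAME)

    try {
        $listener = Get-WSManInstance -ResourceURI winrm/config/Listener `
            -SelectorSet @{ Address = '*'; Transport = 'HTTPS' } -ErrorAction Stop
    } catch {
        return [PSCustomObject]@{ ListenerFound = $false }
    }

    # Find the certificate the listener references in the machine store.
    $thumb = ($listener.CertificateThumbprint -replace '\s', '').ToUpper()
    $cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb

    [PSCustomObject]@{
        ListenerFound = $true
        Port          = $listener.Port
        Thumbprint    = $thumb
        CertInStore   = [bool]$cert
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        # Clients must connect with a name that appears in the certificate.
        NameMatches   = [bool]($cert -and ($cert.DnsNameList.Unicode -contains $ExpectedName))
        DaysToExpiry  = if ($cert) { [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays) }
    }
}

$check = Test-WinRMHttpsListener -ExpectedName 'SERVERNAME'
$check

# Server: export the public certificate only (assumed path C:\Temp).
Export-Certificate -Cert (Get-Item "Cert:\LocalMachine\My\$($check.Thumbprint)") `
    -FilePath C:\Temp\SERVERNAME-winrm.cer

# Management PC (elevated), after copying the .cer file across:
# trust the certificate, then connect over TLS on port 5986.
Import-Certificate -FilePath C:\Temp\SERVERNAME-winrm.cer -CertStoreLocation Cert:\LocalMachine\Root
Test-WSMan -ComputerName SERVERNAME -UseSSL
Enter-PSSession -ComputerName SERVERNAME -UseSSL -Credential (Get-Credential)
```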

Disable PowerShell Remoting

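# Block remote access to all session configurations on this server
Disable-PSRemoting -Force
# Disable-PSRemoting leaves the WinRM service running, so stop and disable it explicitly
Stop-Service WinRM
Set-Service WinRM -StartupType Disabled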

On servers that do not need remote management, disabling WinRM reduces the attack surface. Ensure you have an alternative management path (RDP, iDRAC/iLO) before disabling it.
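
Disable-PSRemoting does not delete listeners or disable the WinRM firewall rules, so it is worth confirming what is left after the commands above. The following is an added example, not from the original article; the function name Get-WinRMExposure is hypothetical.

```powershell
# Added example (hypothetical helper). Run locally on the server in an elevated session.
function Get-WinRMExposure {
    $svc = Get-Service -Name WinRM

    # The WSMan: drive can only be read while the service is running.
    $listeners = @()
    if ($svc.Status -eq 'Running') {
        $listeners = @(Get-ChildItem WSMan:\localhost\Listener |
            ForEach-Object { ($_.Keys | Sort-Object) -join ';' })
    }

    # Enabled inbound rules whose display name starts with the WinRM prefix.
    # This also matches the HTTPS rule created under that name earlier.
    $rules = @(Get-NetFirewallRule -DisplayName 'Windows Remote Management*' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    # Anything still listening on the WinRM ports.
    $ports = @(Get-NetTCPConnection -State Listen -LocalPort 5985, 5986 -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique)

    [PSCustomObject]@{
        Server         = $env:COMPUTERNAME
        ServiceStatus  = $svc.Status
        StartType      = $svc.StartType
        Listeners      = $listeners
        EnabledFwRules = $rules.DisplayName
        ListeningPorts = $ports
        StillListening = $ports.Count -gt 0
    }
}

Get-WinRMExposure | Format-List
```

A server that no longer needs remoting should report a stopped, disabled service and no listening ports; firewall rules that remain enabled can then be disabled with Disable-NetFirewallRule.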
