In setting up a small virtual lab at home, I had a bit of a struggle getting PowerShell remoting to work since both machines (one server and one client) were members of Workgroup and not any domain. After some research I found out that setting it up wasn’t hard at all, but I decided to document it to next time I might need it. The first thing you will have to verify is that WinRM is running on both machines. In my case, my server was running Windows Server 2012 so WinRM was already running, but not on my client. Quickly remedied though:
Set-Service winrm -StartupType Automatic -PassThru | Start-Service
Next, since the target machine is not part of any domain, we need to add it to the trusted host list on the source machine:
Set-Item WSMan:\localhost\Client\TrustedHosts RemoteComputerName -Concatenate -Force
Lastly, to override UAC restrictions on running elevated processes on workgroup computers, run the following command on the target computer:
New-ItemProperty -Name LocalAccountTokenFilterPolicy -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -propertyType DWord -value 1 -Force
Since you need to use a local user with admin privileges at the target machine, you need to use the Credential parameter of Enter-PSSession to get it to work. Or you can create a new PSSession object with New-PSSession and save that in a variable. This makes it easier to re-use, at least within that PowerShell session. Hopefully this will be helpful for some of you that are struggling with the same problem I had.