PowerShell remoting to Workgroup machines

In setting up a small virtual lab at home, I had a bit of a struggle getting PowerShell remoting to work since both machines (one server and one client) were members of Workgroup and not any domain. After some research I found out that setting it up wasn’t hard at all, but I decided to document it to next time I might need it. The first thing you will have to verify is that WinRM is running on both machines. In my case, my server was running Windows Server 2012 so WinRM was already running, but not on my client. Quickly remedied though:

Set-Service winrm -StartupType Automatic -PassThru | Start-Service

Next, since the target machine is not part of any domain, we need to add it to the trusted host list on the source machine:

Set-Item WSMan:\localhost\Client\TrustedHosts RemoteComputerName -Concatenate -Force

Lastly, to override UAC restrictions on running elevated processes on workgroup computers, run the following command on the target computer:

New-ItemProperty -Name LocalAccountTokenFilterPolicy -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -propertyType DWord -value 1 -Force

Since you need to use a local user with admin privileges at the target machine, you need to use the Credential parameter of Enter-PSSession to get it to work. Or you can create a new PSSession object with New-PSSession and save that in a variable. This makes it easier to re-use, at least within that PowerShell session. Hopefully this will be helpful for some of you that are struggling with the same problem I had.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s