Skip to content
BLOG

How to enable WinRM

Brock
Brock Bingham|Updated May 18, 2026
Dog drooling while reading content on laptop
Dog drooling while reading content on laptop
Sections

TL;DR: WinRM lets admins run PowerShell commands on remote Windows devices, but it must be enabled before remote scripting works. You can check WinRM status with Test-WSMan, enable it quickly with WinRM quickconfig, configure it at scale with Group Policy, or deploy the configuration command through PDQ Connect or PDQ Deploy depending on whether devices are remote or local.

Need to run PowerShell commands against remote Windows devices? WinRM is usually the piece that makes that possible. In this guide, we’ll walk through how to check whether WinRM is enabled, turn it on for one device, and configure it across multiple machines without making it a whole thing.

ConnectIcon CTA

Run PowerShell scripts on remote devices

Execute PowerShell scripts on managed devices from anywhere with PDQ Connect.

Start a free trial

How do you check if WinRM is enabled?

To check if WinRM is enabled, run Test-WSMan from PowerShell against the target computer. If the command returns WS-Management details, WinRM is running and responding on that device.

In this guide, I’m using PowerShell 7.x from an elevated command prompt. These commands should also work in Windows PowerShell, but results may vary if your environment mixes PowerShell 7.x and Windows PowerShell across devices.

Test-WSMan -ComputerName “computer_name”

PowerShell output showing successful and failed Test-WSMan commands used to check whether WinRM is enabled on remote Windows devices.

I ran this command on a few different computers, two with WinRM enabled and one with it disabled so you can see the different results. This command is great if you’re like me and your biggest pet peeve is doing extra work for no reason.

How do you enable WinRM using quickconfig?

The fastest way to enable WinRM on a single Windows device is to run WinRM quickconfig from an elevated command prompt. This command starts the WinRM service, sets it to start automatically, configures a listener, and creates the required firewall exception.

PowerShell window running the WinRM quickconfig command to enable WinRM, configure the service, and create firewall exceptions on a Windows device.

In this screenshot, you see that the command walked me through several prompts, enabling the various settings to ensure WinRM is properly configured. Now if we rerun the test from the previous section, this device should pass it.

PowerShell output showing a failed Test-WSMan check before enabling WinRM and a successful connection test afterward.

WinRM quickconfig works best for one device or a small batch of devices. Because WinRM is not already enabled, you need local access, another remote execution method such as PsExec, or a deployment tool to run the command on target machines. For dozens of devices or an entire domain, use Group Policy or a deployment tool instead.

How do you enable WinRM using Group Policy?

Group Policy is the best option for enabling WinRM across domain-joined Windows devices. You can use one GPO to allow remote server management through WinRM, start the WinRM service automatically, and configure the required inbound firewall rules. Group Policy also has several other features you can configure to customize your WinRM implementation.

Configure the WinRM service policy

Here’s how to enable WinRM with Group Policy and set the IP filters.

  1. Open your Group Policy Management Console.

  2. Right-click on an OU you want to apply the policy to, then click Create a GPO in this Domain, and Link it here.

  3. Name the policy Enable WinRM, then click OK.

  4. Right-click on the new GPO and click Edit.

  5. Expand Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service.

  6. Locate Allow remote server management through WinRM, and double-click it to edit the setting.

  7. Select Enabled.

  8. Enter a range of IP addresses in the IPv4 and IPv6 filter boxes or add an asterisk to allow all IP addresses.

    Group Policy setting window for enabling remote server management through WinRM and configuring IPv4 and IPv6 filters.

Set the WinRM service to start automatically

Next, let’s configure the WinRM service to start automatically.

  1. Navigate to Computer > Configurations > Preferences > Control Panel Settings > Services.

  2. Right-click in the Services window, then click New > Service.

  3. Change the Startup to Automatic (Delayed Start).

  4. Click the ellipsis button next to the Service name field.

  5. Find and select the service name WinRM.

  6. Select Start Service from the service action menu, then click Apply and OK.

    Windows Service Properties window configuring the WinRM service to start automatically with delayed startup.

Configure the WinRM firewall rules

Finally, we need to configure the firewall rules.

  1. Expand Computer Configuration > Policies > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security > Windows Defender Firewall with Advanced Security.

  2. Right-click on Inbound Rules, then click New Rule.

  3. Select Predefined, then select Windows Remote Management from the drop-down menu.

  4. Click Next.

  5. Uncheck the public profile rule.

    Windows Defender Firewall wizard showing predefined inbound rules for Windows Remote Management (WinRM) with the public profile rule highlighted.

  6. Click Next.

  7. Select Allow the connection, then click Finish.

With the Group Policy Object in place, any devices assigned that GPO will automatically have the necessary Windows Remote Management settings configured.

Can you use PDQ Connect to enable WinRM?

You can use PDQ Connect to enable WinRM. Doing so gives you the ability to deploy the package to remote devices. To create a WinRM enablement package in Connect:

  1. Click the Packages tab.

  2. Click Create package.

  3. Add a package name.

  4. Click the down arrow next to Add install step, then click Add script step.

  5. In the PowerShell window, enter the command WinRM quickconfig -quiet.

    PDQ Connect package editor showing a PowerShell script step running the command WinRM quickconfig -quiet to enable WinRM remotely.

  6. When you’re ready, click Save to save the package.

To deploy the package:

  1. In the Packages tab, locate and select the package you just created, then click Deploy.

    PDQ Connect Packages page highlighting the Deploy button used to deploy a WinRM enablement package to target devices.

  2. Add your target devices or groups by searching for them in the Search devices and groups field.

  3. When you’re ready, click Deploy.

    PDQ Connect deployment window showing the Enable WinRM package assigned to multiple target devices before deployment.

PDQ Connect can deploy the package to remote devices over the internet, but WinRM connections still require network reachability between the devices using WinRM. Enabling WinRM does not make remote WinRM sessions work across the internet by itself.

WinRM is pretty cool, but not quite that cool.

Can you use PDQ Deploy to enable WinRM?

PDQ Deploy lets you push the WinRM quickconfig command to any device on your local network, making it ideal for on-prem deployments. To ensure we don’t interrupt any users, we’ll use the -quiet parameter to run the command silently.

  1. In PDQ Deploy, click New Package.

    PDQ Deploy console with the New Package button highlighted for creating a package to enable WinRM.

  2. Add a name like Enable WinRM to your package.

  3. Click New Step > PowerShell.

  4. Add the command WinRM quickconfig -quiet to the PowerShell window.

  5. Click Save.

    PDQ Deploy PowerShell step configured with the command WinRM quickconfig -quiet to enable WinRM silently on remote devices.

Your WinRM package is ready to deploy to as many or as few devices as you need. This is a great way to limit the number of devices you enable WinRM on.

Whether you’re enabling WinRM on one machine or wrangling an entire domain, the right tool can save you a heap of time and coffee. PDQ Connect makes it easy to deploy scripts like WinRM quickconfig across remote devices — no VPN required. Try PDQ Connect for free and see how simple remote device management can be when the software actually works with you, not against you.

How to enable WinRM FAQs

What is WinRM used for?

WinRM (Windows Remote Management) lets you run PowerShell commands on remote Windows devices. It’s commonly used for remote scripting, automation, and configuration tasks.

Is WinRM secure?

WinRM can be secure when it is limited to trusted networks, protected with proper authentication, and controlled with firewall rules or IP filters. For additional transport protection, configure WinRM over HTTPS with a valid certificate.

What are the default ports for WinRM?

By default, WinRM listens on port 5985 for HTTP and 5986 for HTTPS.

Brock
Brock Bingham

Brock Bingham is a systems administrator with 15 years of experience managing endpoints and servers, with a strong focus on automation, patching, security, and maintaining stable environments at scale. After years of hands-on IT work, he now creates content and teaches, helping other admins learn through practical, real-world guidance.

Related articles

Powershell1 2026

PowerShell automation for sysadmins: How to work smarter without breaking things

POWERSHELL

Patch Tuesday

Patch Tuesday May 2026

SECURITY

News2 2026

PDQ appoints Emily Glass & Shaun Clowes to board of directors to support growth

NEWS