Skip to content
BLOG

How to enable WinRM

Brock Bingham candid headshot
Brock Bingham|Updated July 23, 2025
Dog drooling while reading content on laptop
Dog drooling while reading content on laptop
Sections

Windows Remote Management (WinRM) lets you run PowerShell commands on remote Windows devices. If it's not enabled, remote scripting won’t work. Here’s how to check if WinRM is enabled and how to turn it on using several common methods.

ConnectIcon CTA

Easily run PowerShell scripts on remote devices

Need to run your awesome PowerShell scripts on remote devices? PDQ Connect can easily execute PowerShell scripts on any managed device with an active internet connection. 

Start a free trial

How do you check if WinRM is enabled?

Before we start configuring WinRM, it’s a good idea to check to see if it’s already enabled on your devices. To test if WinRM is enabled, run Test-WSMan from a PowerShell window. Here’s an example.

In this guide, I’m using PowerShell 7.x from an elevated command prompt. These commands should also work in Windows PowerShell, though you can get different results if you are using a mixture of Windows PowerShell and PowerShell 7.x on your devices.

Test-WSMan -ComputerName “computer_name”

Screenshot of PowerShell showing running a command on different devices to test if Windows Remote Management is enabled or not.

I ran this command on a few different computers, two with WinRM enabled and one with it disabled so you can see the different results. This command is great if you’re like me and your biggest pet peeve is doing extra work for no reason.

How do you enable WinRM using quickconfig?

The fastest and easiest way to enable WinRM is with the WinRM quickconfig command. WinRM quickconfig automatically configures several settings, such as WinRM listeners, inbound firewall rules, and the Windows Remote Management (WS-Management) service, to ensure WinRM is working properly.

Screenshot of PowerShell showing running the WinRM quickconfig command to configure WinRM.

In this screenshot, you see that the command walked me through several prompts, enabling the various settings to ensure WinRM is properly configured. Now if we rerun the test from the previous section, this device should pass it.

Screenshot of PowerShell showing verifying that the quick configure command worked to enable WinRM.

While this command is very fast and easy to use, it does have a couple of drawbacks. First, since WinRM isn’t already enabled on the target devices, you’ll need to run the command locally on the client computer or run a remote PowerShell session with something like PsExec to run the command. Second, this method is only quick if you need to enable WinRM on a few machines. If you need to enable WinRM on dozens of devices or across an entire domain, you’ll want to use one of the methods discussed below.

How do you enable WinRM using Group Policy?

Group Policy is a great option for enabling WinRM in a domain environment. With Group Policy, you can quickly enable WinRM, configure the WinRM service, and set your firewall rules. Group Policy also has several other features you can configure to customize your WinRM implementation.

Here’s how to enable WinRM with Group Policy and set the IP filters.

  1. Open your Group Policy Management Console.

  2. Right-click on an OU you want to apply the policy to, then click Create a GPO in this Domain, and Link it here.

  3. Name the policy Enable WinRM, then click OK.

  4. Right-click on the new GPO and click Edit.

  5. Expand Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service.

  6. Locate Allow remote server management through WinRM, and double-click it to edit the setting.

  7. Select Enabled.

  8. Enter a range of IP addresses in the IPv4 and IPv6 filter boxes or add an asterisk to allow all IP addresses.

    Screenshot of the "Allow remote server management through WinRM" window.

Next, let’s configure the WinRM service to start automatically.

  1. Navigate to Computer > Configurations > Preferences > Control Panel Settings > Services.

  2. Right-click in the Services window, then click New > Service.

  3. Change the Startup to Automatic (Delayed Start).

  4. Click the ellipsis button next to the Service name field.

  5. Find and select the service name WinRM.

  6. Select Start Service from the service action menu, then click Apply and OK.

    Screenshot of the "New Service Properties" window.

Finally, we need to configure the firewall rules.

  1. Expand Computer Configuration > Policies > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security > Windows Defender Firewall with Advanced Security.

  2. Right-click on Inbound Rules, then click New Rule.

  3. Select Predefined, then select Windows Remote Management from the drop-down menu.

  4. Click Next.

  5. Uncheck the public profile rule.

    Screenshot showing the public profile rule in the New Inbound Rule Wizard window.

  6. Click Next.

  7. Select Allow the connection, then click Finish.

With the Group Policy Object in place, any devices assigned that GPO will automatically have the necessary Windows Remote Management settings configured.

Can you use PDQ Connect to enable WinRM?

You can use PDQ Connect to enable WinRM. Doing so gives you the ability to deploy the package to remote devices. To create a WinRM enablement package in Connect:

  1. Click the Packages tab.

  2. Click Create package.

  3. Add a package name.

  4. Click the down arrow next to Add install step, then click Add script step.

  5. In the PowerShell window, enter the command WinRM quickconfig -quiet.

    Screenshot of adding a PowerShell command to a PDQ Connect package.

  6. When you’re ready, click Save to save the package.

To deploy the package:

  1. In the Packages tab, locate and select the package you just created, then click Deploy.

    Screenshot of selecting a package to deploy in PDQ Connect.

  2. Add your target devices or groups by searching for them in the Search devices and groups field.

  3. When you’re ready, click Deploy.

    Screenshot of adding targets to a deployment in PDQ Connect.

Keep in mind that while PDQ Connect can deploy packages over the internet, WinRM still requires that target devices be reachable on your local network.

WinRM is pretty cool, but not quite that cool.

Can you use PDQ Deploy to enable WinRM?

PDQ Deploy lets you push the WinRM quickconfig command to any device on your local network, making it ideal for on-prem deployments. To ensure we don’t interrupt any users, we’ll use the -quiet parameter to run the command silently.

  1. In PDQ Deploy, click New Package.

    Screenshot showing "New Package" button in PDQ Deploy.

  2. Add a name like Enable WinRM to your package.

  3. Click New Step > PowerShell.

  4. Add the command WinRM quickconfig -quiet to the PowerShell window.

  5. Click Save.

    Screenshot showing the above command and the "Save" button in the PowerShell window of PDQ Deploy.

Your WinRM package is ready to deploy to as many or as few devices as you need. This is a great way to limit the number of devices you enable WinRM on.

Whether you’re enabling WinRM on one machine or wrangling an entire domain, the right tool can save you a heap of time and coffee. PDQ Connect makes it easy to deploy scripts like WinRM quickconfig across remote devices — no VPN required. Try PDQ Connect for free and see how simple remote device management can be when the software actually works with you, not against you.

How to enable WinRM FAQs

What is WinRM used for?

WinRM (Windows Remote Management) lets you run PowerShell commands on remote Windows devices. It’s commonly used for remote scripting, automation, and configuration tasks.

Is WinRM secure?

WinRM uses HTTP by default, but it can be configured to use HTTPS for encrypted communication. It's secure when you pair it with authentication, encryption, and proper IP filters or firewall rules.

What are the default ports for WinRM?

By default, WinRM listens on port 5985 for HTTP and 5986 for HTTPS.

Brock Bingham candid headshot
Brock Bingham

Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.

Related articles

Green laptop with PDQ logo

How to automate patch management

GENERAL IT

Patch Tuesday October 2023

Patch Tuesday August 2025

SECURITY

General grey

How to disable Windows telemetry

PRODUCT