configure the winrm client without starting the winrm server
When trying to user psremoting you have to add a trusted host to your client's trusted hosts. This is fine and we normally default to '*' for developer machines that need to talk to prod and other infra. The problem is that this also requires the developer machine to start the winrm service which 'allows the computer to recieve Windows Powershell remote commands that are sent using the WS-Management technology'. I get pushback from devs who don't want to run this server service and see it as an unecessary security risk. We typically don't need CredSSP or have issues with the double-hop problem, so it doesn't make sense that when configuring the client to require that the server is started. I'd expect that a security review would also flag this as an issue for concern.
You need to install and run the server, to allow WinRM the client to be configured (tipically the TrustedHosts)
it's completely unbelievable, in my opinion.
So unbelievable that I struggled a lot trying someway to do it while repeating to myself "It's impossible"... until I found this post.
If so, I think WinRM is not very usable, unless you are within a Domain
I do Think Microsoft should change this.
Decision maker who decided, that winrm client configuration needs running winrm server should be fired. It is similar like for changing home page of web browser (IE or Edge) you need also start IIS to allow it.
Nathan Vonnahme commented
Remoting should work by default. Imagine if you couldn't run `mstsc` or access network shares out of the box without whacking a bunch of spookily named security settings.
Ritch Melton commented
I originally opened an issue with the powershell team on github. https://github.com/PowerShell/PowerShell/issues/3468
They politely asked I redirect the issue here.