To improve Windows Server I suggest you ...

configure the winrm client without starting the winrm server

When trying to user psremoting you have to add a trusted host to your client's trusted hosts. This is fine and we normally default to '*' for developer machines that need to talk to prod and other infra. The problem is that this also requires the developer machine to start the winrm service which 'allows the computer to recieve Windows Powershell remote commands that are sent using the WS-Management technology'. I get pushback from devs who don't want to run this server service and see it as an unecessary security risk. We typically don't need CredSSP or have issues with the double-hop problem, so it doesn't make sense that when configuring the client to require that the server is started. I'd expect that a security review would also flag this as an issue for concern.

6 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Ritch MeltonRitch Melton shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...

      Feedback and Knowledge Base