Hi All.
So, I recently started a new job and one of the first major tasks I've fallen into is configuring GPO. This is a small organization - maybe 70 people or so - and as far as GPO goes, it's a pretty clean slate. First order of business for me was to enable Powershell remoting. I've done this at a previous job and had zero issues; here, not so much. This is what I've done so far to get to the point of frustration that I'm currently at:
- Created a test OU and threw a test machine in it that has the general image on most computers in this environment.
- Checked all previous policies to make sure that Firewall wasn't configured on any of them-- it's not(Firewall currently is set locally on machines out in the field).
- Created a Firewall policy to Enable Powershell Remoting. In this policy I configured the following:
- Enabled WinRm service and set it to automatic.
- Turned Firewall on and set predefined rule for WinRM(both ports, 80 and 5985)
- Under Administrative Templates >> WinRM >> WinRM Service, I enabled all Ipv4 listeners.
- I also blocked inheritance on that OU; however, when I run gpresult /v, it still seems to be taking the policies that it shouldn't(even though that really should not have any bearing on this at all).
- I rebooted the workstation to ensure restart or WinRm
- I confirmed that the FW policy took, which it did
- Opened up Powershell and ran WinRm quickconfig and I received a message saying that WinRm service is started and running, but the Firewall needed the WinRM exception added to it(even though it was through domain gpo and was reflected on the target machine FW).
- Turned FW off and ran WinRm quickconfig again and I received the same message about poking the FW.
And so that's where I'm at. I thought maybe it was conflicting with another FW setting somewhere else, but it doesn't seem to be. I set up inheritance blocking to mitigate that anyway and still no dice.
Any help or suggestions would be greatly appreciated.
Cheers