Reading time <1 Minute

Dismantle Windows Remote Management

Activating WinRM and putting it into operation is quite easy. This is followed by the next small configuration followed by the next setting, etc.

If I have activated WinRM and don't need it, I do the following. It can of course be that the commands have to be adjusted. I just want to show what should / could be thought of.

Decommissioning WinRM

# Show permissions
Get-PSSessionConfiguration | Format-Table -Property Name, Permission

# Which listeners are used?
dir wsman: \ localhost \ listener
winrm enumerate winrm / config / listener

# Remove a single listener
Remove-Item -Path WSMan: \ Localhost \ listener \ Transport = HTTP
or
winrm delete winrm / config / Listener? Address = * + Transport = HTTP
winrm delete winrm / config / Listener? Address = * + Transport = HTTPS

# Remove all listeners
Remove-Item -Path WSMan: \ Localhost \ listener \ listener * -Recurse

# Stop the WinRM service
Stop service WinRM -PassThru

# Deactivate the WinRM service
Set-Service WinRM -StartupType Disabled -PassThru

# Which ports are used?
Get-ChildItem WSMan: \ localhost \ Client \ DefaultPorts

# Deactivate the firewall exceptions
Set-NetFirewallRule -DisplayName 'Windows Remote Management (HTTP-In)' -Enabled False -PassThru | Select -Property DisplayName, Profile, Enabled

Set-NetFirewallRule -DisplayName 'Windows Remote Management (HTTPS-In)' -Enabled False -PassThru | Select -Property DisplayName, Profile, Enabled

# Re-enable local security (remote UAC)
Set-ItemProperty -Path HKLM: \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ system -Name LocalAccountTokenFilterPolicy -Value 0

# Release bound certificate
Set-Location -Path WSMan: \ localhost \ Service;
Set-Item -Path. \ CertificateThumbprint -Value “$ NULL”;

WinRM UseSSL