Wednesday, 28 February 2018

"The WS-Management service cannot process the request. The service is configured to not accept any remote shell requests."

When trying to use PowerShell remoting you may come across the following error

"The WS-Management service cannot process the request. The service is configured to not accept any remote shell requests."

Many people may be confused by this as they have run the Enable-PSRemoting command.

Unfortunately there is another setting called "Allow Remote Shell Access" which can be configured in group policy which prevents you from connecting to a remote machine.

You can see the effective setting by running the following PowerShell command locally
Get-Item WSMan:\localhost\Shell\AllowRemoteShellAccess

The setting can be located in the following group policy path
Computer Configuration > Administrative Templates > Windows Components > Windows Remote Shell > Allow Remote Shell Access




I think that this causes some confusion because people believe that Microsoft recommend disabling this setting (and therefore disabling PowerShell remoting) which isn't accurate. 

The recommendation is to review the setting, and if you don't need PowerShell remoting to disable it.

However the CIS recommendation is to just disable the setting, which I disagree with given the modern nature of PowerShell remoting I would rather have this enabled as the primary management method and firewall off older protocols such as WMI but you probably rely on WMI too much to do that.






No comments:

Post a Comment