Objective: Configure WinRM (Windows Remote Management) to allow connections only from a specific subnet, enhancing security.

Before proceeding, ensure you have administrative access to the Windows host where you want to configure WinRM.

1. Enable WinRM: On the remote Windows host, open a PowerShell session with administrative rights and run the following command to enable WinRM:

Enable-PSRemoting -Force

This command configures WinRM for remote management.

2. Allow WinRM Through the Firewall: By default, Windows Firewall might block WinRM traffic. To allow WinRM through the firewall, use this command on the remote host:

Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP" -Enabled True

This command enables the rule that allows WinRM traffic.

3. Configure WinRM Listener: To restrict WinRM access to a specific subnet, modify the listener configuration. Run this command on the remote host:

Set-Item WSMan:\localhost\Listener\* -Address 192.168.1.0/24

This command allows connections from any IP address within the 192.168.1.0/24 subnet. Adjust the subnet as needed for your network.

4. Restart WinRM Service: After making these changes, restart the WinRM service on the remote host to apply the configuration:

Restart-Service WinRM

To verify that WinRM is correctly configured with subnet restrictions, attempt to connect to the remote host using WinRM from a computer within the allowed subnet. You can use PowerShell's Enter-PSSession cmdlet or other WinRM-based tools.

If the configuration is successful, WinRM connections from other subnets will be denied, enhancing security for your Windows host.

This formatted article provides step-by-step instructions for configuring WinRM with subnet restrictions on a Windows host. You can add this to your DokuWiki for reference. If you have any further questions or need additional information, please feel free to ask!