1
00:00:00,440 --> 00:00:04,040
Another way of enabling PS Remoting, if we want to do it on

2
00:00:04,040 --> 00:00:06,930
multiple machines, is to use Group Policy Management.

3
00:00:06,930 --> 00:00:11,280
So what we can do here is I can say Group Policy Management and launch

4
00:00:11,280 --> 00:00:15,430
this tool from the domain controller itself, and we just scroll this

5
00:00:15,430 --> 00:00:19,580
down and expand into our domain, and you'll see we have a default domain

6
00:00:19,580 --> 00:00:24,450
policy listed here. Now from the default domain policy, what we can

7
00:00:24,450 --> 00:00:29,220
actually do is choose Edit, and this will then launch the actual domain

8
00:00:29,220 --> 00:00:31,540
configuration tool.

9
00:00:31,540 --> 00:00:32,360
Now from here,

10
00:00:32,360 --> 00:00:35,410
what we can do is go into the computer configuration, and

11
00:00:35,410 --> 00:00:38,740
you'll see that we have policies, which obviously breaks

12
00:00:38,740 --> 00:00:41,020
down our configuration settings.

13
00:00:41,020 --> 00:00:46,640
We can then go into Administrative Templates, which are from the local machine.

14
00:00:46,640 --> 00:00:49,300
We can then go directly into Windows Components,

15
00:00:49,300 --> 00:00:53,010
which is a vast list, so I'm actually going to click on here to show it in

16
00:00:53,010 --> 00:00:56,880
the right‑hand side. Then we can go down and scroll through all the

17
00:00:56,880 --> 00:01:00,120
different options that are there, but what you'll see is we have something

18
00:01:00,120 --> 00:01:03,590
called Remote, kind of Windows components.

19
00:01:03,590 --> 00:01:05,960
We can then have Remote Management.

20
00:01:05,960 --> 00:01:07,220
You've got Remote Shell.

21
00:01:07,220 --> 00:01:09,270
But if I go into Remote Management,

22
00:01:09,270 --> 00:01:15,340
which is the WinRM, double‑click, you'll see we have a Client and a server.

23
00:01:15,340 --> 00:01:17,530
We're actually going to go into that, well, Service.

24
00:01:17,530 --> 00:01:20,940
We're going to go into the Service option here. And right at the top

25
00:01:20,940 --> 00:01:25,890
there is Allow server management through WinRM. So I'm going to

26
00:01:25,890 --> 00:01:30,200
double‑click this, and you'll see that we can say Enabled, and then

27
00:01:30,200 --> 00:01:32,540
what we get is some property values.

28
00:01:32,540 --> 00:01:35,780
What we're going to do here is specify the wildcard,

29
00:01:35,780 --> 00:01:40,990
which means this will allow any machine or any IP address to be

30
00:01:40,990 --> 00:01:44,300
able to communicate to WinRM on this machine.

31
00:01:44,300 --> 00:01:48,200
So I'm going to click Apply and OK, and that's configured our

32
00:01:48,200 --> 00:01:51,240
basic setting within that Group Policy.

33
00:01:51,240 --> 00:01:53,570
Now once we've done that, that works great.

34
00:01:53,570 --> 00:01:56,940
But the next thing we have to do is we also need to do, if you remember, when

35
00:01:56,940 --> 00:02:00,700
we ran the PowerShell, it enabled firewall rules as well.

36
00:02:00,700 --> 00:02:03,700
So we need to go into the same policy and kind of

37
00:02:03,700 --> 00:02:05,660
expand things a little bit differently.

38
00:02:05,660 --> 00:02:08,650
So I'm actually going to come out of my Admin Templates,

39
00:02:08,650 --> 00:02:11,740
go to Windows Settings here,

40
00:02:11,740 --> 00:02:15,260
then I'm going to wait for that to expand and go to Security Settings.

41
00:02:15,260 --> 00:02:20,770
Once that expands, we can go down to the Windows firewall option,

42
00:02:20,770 --> 00:02:24,750
which is actually going to be here, Windows firewall,

43
00:02:24,750 --> 00:02:27,740
Defender Firewall with Advanced Security, and then we can

44
00:02:27,740 --> 00:02:31,140
click directly into that firewall option.

45
00:02:31,140 --> 00:02:35,950
Now what this does is this will give you the connection to the

46
00:02:35,950 --> 00:02:40,900
firewall that effectively we're going to push this out to. So what

47
00:02:40,900 --> 00:02:44,550
we can do here is we can go over this side. You'll see we've got

48
00:02:44,550 --> 00:02:46,590
Inbound Rules and Outbound Rules.

49
00:02:46,590 --> 00:02:50,400
We can then expand, and you'll see a list of the inbound rules,

50
00:02:50,400 --> 00:02:53,140
which is blank because it's a blank policy.

51
00:02:53,140 --> 00:02:55,800
But what I can do here is I can go through the

52
00:02:55,800 --> 00:02:59,110
process of creating a new inbound rule.

53
00:02:59,110 --> 00:03:03,140
So I'm going to say New Rule. We'll wait for this to launch.

54
00:03:03,140 --> 00:03:06,530
I'm then going to go through and say Predefined because I want to pick a

55
00:03:06,530 --> 00:03:11,120
specific service, and this will be the Windows Remote Management, so I'm

56
00:03:11,120 --> 00:03:15,670
going to select that option there. I'll choose Next, and you'll see, what

57
00:03:15,670 --> 00:03:20,310
it does is it has both options selected, so a public profile, and a

58
00:03:20,310 --> 00:03:22,240
domain, and a private one.

59
00:03:22,240 --> 00:03:23,570
So we'll choose Next.

60
00:03:23,570 --> 00:03:26,550
I'm going to say Allow connection, and click Finish.

61
00:03:26,550 --> 00:03:33,040
That will add the two rules that are required for the firewalls.

62
00:03:33,040 --> 00:03:35,110
So, that's our next one that's there.

63
00:03:35,110 --> 00:03:38,840
So we've created our two inbound rules.

64
00:03:38,840 --> 00:03:39,560
Lastly,

65
00:03:39,560 --> 00:03:43,190
what we actually have to do is configure any services. So what we're going

66
00:03:43,190 --> 00:03:46,040
to do is go back through the structure here, and you'll see System

67
00:03:46,040 --> 00:03:50,140
Services. We'll click onto System Services, and you'll see there's a whole

68
00:03:50,140 --> 00:03:53,760
host of them here. And we're going to scroll all the way down to the

69
00:03:53,760 --> 00:03:57,510
Windows Remote Management one, which should be here.

70
00:03:57,510 --> 00:04:01,660
We're going to double‑click. We can say Define for this policy,

71
00:04:01,660 --> 00:04:05,940
which is the option that we want to have, and I'm going to say Automatic.

72
00:04:05,940 --> 00:04:09,420
So that's going to be the configuration setting that I wish to go with.

73
00:04:09,420 --> 00:04:11,340
I'm going to say Apply.

74
00:04:11,340 --> 00:04:14,510
We could also edit any of the security if we needed,

75
00:04:14,510 --> 00:04:18,630
but I'm going to click OK. So my Windows Remote Management

76
00:04:18,630 --> 00:04:23,320
one is now configured for Automatic, which is what we want it to do.

77
00:04:23,320 --> 00:04:29,240
We want that to automatically start up with no options to kind of change.

78
00:04:29,240 --> 00:04:31,840
We just say, hey, automatically start.

79
00:04:31,840 --> 00:04:38,000
So that means when a machine logs into the environment,

80
00:04:38,000 --> 00:04:41,760
the default Group Policy will push an update out to all of

81
00:04:41,760 --> 00:04:45,250
those machines, which will effectively turn on the Windows

82
00:04:45,250 --> 00:04:47,180
Remote Management service.

83
00:04:47,180 --> 00:04:51,570
It will add the inbound rules, and it will enable

84
00:04:51,570 --> 00:04:54,540
and allow WinRM remote management.

85
00:04:54,540 --> 00:04:57,920
So, the two core ways of enabling everything, one was the

86
00:04:57,920 --> 00:05:00,410
PowerShell option that we looked at previously, and the

87
00:05:00,410 --> 00:05:02,070
second one is Group Policy.

88
00:05:02,070 --> 00:05:07,040
So if you are planning to do PowerShell remote management for multiple machines,

89
00:05:07,040 --> 00:05:12,090
then this is the option to use to use Group Policy management and create the

90
00:05:12,090 --> 00:05:19,000
policy that will create everything that's needed instead of trying to manually run the PowerShell commands across multiple machines.