Policy

Allow remote server management through WinRM

Microsoft Windows

Back to WinRM ServiceBack to main
Allow remote server management through WinRM
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Windows Remote Management (WinRM) > WinRM Service
Supported on
At least Windows Vista

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on the network for requests on the HTTP transport over the default HTTP port. If you enable this policy setting, the WinRM service automatically listens on the network for requests on the HTTP transport over the default HTTP port. To allow WinRM service to receive requests over the network, configure the Windows Firewall policy setting with exceptions for Port 5985 (default port for HTTP). If you disable or do not configure this policy setting, the WinRM service will not respond to requests from a remote computer, regardless of whether or not any WinRM listeners are configured. The service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges. You should use an asterisk (*) to indicate that the service listens on all available IP addresses on the computer. When * is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses. For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty. Ranges are specified using the syntax IP1-IP2. Multiple ranges are separated using "," (comma) as the delimiter. Example IPv4 filters:\n2.0.0.1-2.0.0.20, 24.0.0.1-24.0.0.22 Example IPv6 filters:\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3FFE:FFFF:7654:FEDA:1245:BA98:3210:4562

Internal name
AllowAutoConfig
Policy ID
abc566c90e4b
Elements
2

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
Software\Policies\Microsoft\Windows\WinRM\Service
Value name
AllowAutoConfig
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
Software\Policies\Microsoft\Windows\WinRM\Service
Value name
AllowAutoConfig
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

ScopeElementTypeRegistry mappingConstraints & behaviorCopy
Computer
IPv4 filter:
ID AllowAutoConfig_IPv4Filter
text
Path
Software\Policies\Microsoft\Windows\WinRM\Service
Value name
IPv4Filter
Type
REG_SZ
None
Computer
IPv6 filter:
ID AllowAutoConfig_IPv6Filter
text
Path
Software\Policies\Microsoft\Windows\WinRM\Service
Value name
IPv6Filter
Type
REG_SZ
None
IPv4 filter:
Computer · Type text
Registry mapping
Path
Software\Policies\Microsoft\Windows\WinRM\Service
Value name
IPv4Filter
Type
REG_SZ
DetailsNone
IPv6 filter:
Computer · Type text
Registry mapping
Path
Software\Policies\Microsoft\Windows\WinRM\Service
Value name
IPv6Filter
Type
REG_SZ
DetailsNone