diff --git a/reference/6/Microsoft.PowerShell.Core/Disable-PSRemoting.md b/reference/6/Microsoft.PowerShell.Core/Disable-PSRemoting.md index 21f05e8c7907..6210228b8bf4 100644 --- a/reference/6/Microsoft.PowerShell.Core/Disable-PSRemoting.md +++ b/reference/6/Microsoft.PowerShell.Core/Disable-PSRemoting.md @@ -1,5 +1,5 @@ --- -ms.date: 10/02/2018 +ms.date: 3/22/2019 schema: 2.0.0 locale: en-us keywords: powershell,cmdlet @@ -7,11 +7,11 @@ online version: http://go.microsoft.com/fwlink/?LinkId=821472 external help file: System.Management.Automation.dll-Help.xml title: Disable-PSRemoting --- - # Disable-PSRemoting ## SYNOPSIS -Prevents remote users from running commands on the local computer. + +Prevents remote users from running commands in PowerShell on the local computer. ## SYNTAX @@ -20,220 +20,239 @@ Disable-PSRemoting [-Force] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION -The **Disable-PSRemoting** cmdlet prevents users on other computers from running commands on the local computer. - -**Disable-PSRemoting** blocks remote access to all session configurations on the local computer. -This prevents remote users from creating temporary or persistent sessions to the local computer. -**Disable-PSRemoting** does not prevent users of the local computer from creating sessions (**PSSessions**) on the local computer or remote computers. -To re-enable remote access to all session configurations, use the Enable-PSRemoting cmdlet. -To enable remote access to selected session configurations, use the *AccessMode* parameter of the Set-PSSessionConfiguration cmdlet. -You can also use the Enable-PSSessionConfiguration and Disable-PSSessionConfiguration cmdlets to enable and disable session configurations for all users. +The `Disable-PSRemoting` cmdlet prevents users on other computers from running PowerShell commands +on the local computer. + +`Disable-PSRemoting` blocks remote access to all PowerShell session configurations on the local +computer. This prevents remote users from creating temporary or persistent PowerShell sessions to +the local computer. `Disable-PSRemoting` does not prevent remote users from creating Windows +PowerShell sessions to the local computer. To disable both PowerShell and Windows PowerShell session +configurations run `Disable-PSRemoting` in Windows PowerShell on the local computer. +`Disable-PSRemoting` does not prevent users of the local computer from creating sessions +(**PSSessions**) on the local computer or remote computers. + +To re-enable remote access to all PowerShell session configurations, use the `Enable-PSRemoting` +cmdlet. To re-enable remote access to all session configurations, including Windows PowerShell +configurations, run `Enable-PSRemoting` in Windows PowerShell on the local computer. To enable +remote access to selected session configurations, use the **AccessMode** parameter of the +`Set-PSSessionConfiguration` cmdlet. You can also use the `Enable-PSSessionConfiguration` and +`Disable-PSSessionConfiguration` cmdlets to enable and disable session configurations for all users. For more information about session configurations, see [about_Session_Configurations](About/about_Session_Configurations.md). -In Windows PowerShell 2.0, **Disable-PSRemoting** prevents all users from creating user-managed sessions to the local computer. -In Windows PowerShell 3.0, **Disable-PSRemoting** prevents users on other computers from creating user-managed sessions on the local computer, but allows users of the local computer to create user-managed loopback sessions. - To run this cmdlet, start PowerShell with the Run as administrator option. > [!NOTE] -> This command appears only on PowerShell running on the Windows platform. It is not available on Linux or MacOS versions. - -> [!CAUTION] -> On systems that have both Windows PowerShell 3.0 and the Windows PowerShell 2.0 engine, do not use Windows PowerShell 2.0 to run the **Enable-PSRemoting** and **Disable-PSRemoting** cmdlets. -> The commands might appear to succeed, but the remoting is not configured correctly. -> Remote commands, and later attempts to enable and disable remoting, are likely to fail. +> This command appears only on PowerShell running on the Windows platform. It is not +> available on Linux or MacOS versions. ## EXAMPLES -### Example 1: Prevent remote access to all session configurations -``` -PS C:\> Disable-PSRemoting +### Example 1: Prevent remote access to all PowerShell session configurations +```powershell +Disable-PSRemoting ``` This command prevents remote access to all session configurations on the computer. -### Example 2: Prevent remote access to all session configurations without confirmation prompt -``` -PS C:\> Disable-PSRemoting -Force +### Example 2: Prevent remote access to all PowerShell session configurations without confirmation prompt +```powershell +Disable-PSRemoting -Force ``` This command prevents remote access all session configurations on the computer without prompting. ### Example 3: Effects of running this cmdlet +```powershell +Disable-PSRemoting -Force +New-PSSession -ComputerName localhost -ConfigurationName PowerShell.6 ``` -PS C:\> Disable-PSRemoting -Force - - -[ADMIN] PS C:\> New-PSSession -ComputerName localhost - -Id Name ComputerName State Configuration Availability --- ---- ------------ ----- ------------- ------------ -1 Session1 Server02... Opened Microsoft.PowerShell Available -# On Server02 remote computer: -PS C:\> New-PSSession -ComputerName Server01 - -[SERVER01] Connecting to remote server failed with the following error -message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. -+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException -+ FullyQualifiedErrorId : PSSessionOpenFailed +```Output +WARNING: Disabling the session configurations does not undo all the changes made by the Enable-PSRemoting or Enable-PSSessionConfiguration cmdlet. You might have to manually undo the changes by following these steps: + 1. Stop and disable the WinRM service. + 2. Delete the listener that accepts requests on any IP address. + 3. Disable the firewall exceptions for WS-Management communications. + 4. Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to members of the Administrators group on the computer. + +New-PSSession : [localhost] Connecting to remote server localhost failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. +At line:1 char:1 ++ New-PSSession -ComputerName localhost -ConfigurationName PowerShell.6 ++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++ CategoryInfo : OpenError: (System.Management.A\u2026tion.RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException ++ FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed ``` -This example shows the effect of using the **Disable-PSRemoting** cmdlet. +This example shows the effect of using the `Disable-PSRemoting` cmdlet. To run this command sequence, start PowerShell with the Run as administrator option. -The first command uses the **Disable-PSRemoting** cmdlet to disable all registered session configurations on the Server01 computer. - -The second command uses the New-PSSession cmdlet to create a remote session to the local computer (also known as a "loopback"). -The command succeeds. +The first command uses the `Disable-PSRemoting` cmdlet to disable all registered session +configurations on the local computer. -The third command is run on the Server02 remote computer. -The command uses the **New-PSSession** cmdlet to create a session to the Server01 remote computer. -Because remote access is disabled, the command fails. +The second command uses the `New-PSSession` cmdlet to create a remote session to the local computer +(also known as a "loopback"). Because remote access is disabled on the local machine, the command +fails. ### Example 4: Effects of running this cmdlet and Enable-PSRemoting -``` -PS C:\> Disable-PSRemoting -force - -[ADMIN] PS C:\> Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Auto +```powershell +Disable-PSRemoting -force +Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Auto -Name Permission ----- ---------- -microsoft.powershell NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed -microsoft.powershell.workflow NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed -microsoft.powershell32 NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed -microsoft.ServerManager NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed -WithProfile NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed - - -[ADMIN] PS C:\> Enable-PSRemoting -Force -WinRM already is set up to receive requests on this machine. -WinRM already is set up for remote management on this machine. +Enable-PSRemoting -Force +Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Auto +``` -[ADMIN] PS C:\> Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Auto +```Output +Name Permission +---- ---------- +PowerShell.6 NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed ... +PowerShell.6.2.0 NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed ... -Name Permission ----- ---------- -microsoft.powershell BUILTIN\Administrators AccessAllowed -microsoft.powershell.workflow BUILTIN\Administrators AccessAllowed -microsoft.powershell32 BUILTIN\Administrators AccessAllowed -microsoft.ServerManager BUILTIN\Administrators AccessAllowed -WithProfile BUILTIN\Administrators AccessAllowed +Name Permission +---- ---------- +PowerShell.6 NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed ... +PowerShell.6.2.0 NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed ... ``` -This example shows the effect on the session configurations of using the **Disable-PSRemoting** and **Enable-PSRemoting** cmdlets. +This example shows the effect on the session configurations of using the `Disable-PSRemoting` and +`Enable-PSRemoting` cmdlets. -The first command uses the **Disable-PSRemoting** cmdlet to disable remote access to all session configurations. -The *Force* parameter suppresses all user prompts. +The first command uses the `Disable-PSRemoting` cmdlet to disable remote access to all session configurations. +The **Force** parameter suppresses all user prompts. -The second command uses the Get-PSSessionConfiguration cmdlet to display the session configurations on the computer. -The command uses a pipeline operator to send the results to a Format-Table command, which displays only the Name and Permission properties of the configurations in a table. +The second command uses the `Get-PSSessionConfiguration` cmdlet to display the session configurations +on the computer. The command uses a pipeline operator to send the results to a `Format-Table` command, +which displays only the Name and Permission properties of the configurations in a table. -The output shows that only remote users are denied access to the configurations. -Members of the Administrators group on the local computer are allowed to use the session configurations. -The output also shows that the command affects all session configurations that includes the user-created WithProfile session configuration. +The output shows that only remote users are denied access to the configurations. Members of the +Administrators group on the local computer are allowed to use the session configurations. The output +also shows that the command affects all PowerShell session configurations that includes the +user-created WithProfile session configuration. -The third command uses the **Enable-PSRemoting** cmdlet to re-enable remote access to all session configurations on the computer. -The command uses the *Force* parameter to suppress all user prompts and to restart the WinRM service without prompting. +The third command uses the `Enable-PSRemoting` cmdlet to re-enable remote access to all session +configurations on the computer. The command uses the **Force** parameter to suppress all user +prompts and to restart the WinRM service without prompting. -The fourth command uses the **Get-PSSessionConfiguration** and **Format-Table** cmdlets to display the names and permissions of the session configurations. -The results show that the AccessDenied security descriptors have been removed from all session configurations. +The fourth command uses the `Get-PSSessionConfiguration` and `Format-Table` cmdlets to display the +names and permissions of the session configurations. The results show that the **AccessDenied** security +descriptors have been removed from all session configurations. ### Example 5: Prevent remote access to session configurations that have custom security descriptors -``` -PS C:\> Register-PSSessionConfiguration -Name Test -FilePath .\TestEndpoint.pssc -ShowSecurityDescriptorUI +```powershell +Register-PSSessionConfiguration -Name Test -FilePath .\TestEndpoint.pssc -ShowSecurityDescriptorUI -Force +Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Wrap -[ADMIN] PS C:\> Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Wrap - -Name Permission ----- ---------- -microsoft.powershell BUILTIN\Administrators AccessAllowed -Test NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, -DOMAIN01\User01 AccessAllowed - -[ADMIN] PS C:\> Disable-PSRemoting -Force - - -[ADMIN] PS C:\> Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Wrap - -Name Permission ----- ---------- -microsoft.powershell NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed -Test NT AUTHORITY\NETWORK AccessDenied, NTAUTHORITY\INTERACTIVE AccessAllowed, -BUILTIN\Administrators AccessAllowed, DOMAIN01\User01 AccessAllowed +Disable-PSRemoting -Force +Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Wrap +New-PSSession -ComputerName localhost -ConfigurationName Test +``` -# Domain01\User01 +```Output + +Name Permission +---- ---------- +PowerShell.6 NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, ... +PowerShell.6.2.0 NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, ... +Test NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, AccessAllowed + +WARNING: Disabling the session configurations does not undo all the changes made by the Enable-PSRemoting or Enable-PSSessionConfiguration cmdlet. You might have to manually undo the changes by following these steps: + 1. Stop and disable the WinRM service. + 2. Delete the listener that accepts requests on any IP address. + 3. Disable the firewall exceptions for WS-Management communications. + 4. Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to members of the Administrators group on the computer. + +Name Permission +---- ---------- +PowerShell.6 NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, ... +PowerShell.6.2.0 NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, ... +Test NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, ... + +New-PSSession : [localhost] Connecting to remote server localhost failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. +At line:1 char:1 ++ New-PSSession -ComputerName localhost -ConfigurationName Test ++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++ CategoryInfo : OpenError: (System.Management.A\u2026tion.RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException ++ FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed -PS C:\> New-PSSession -ComputerName Server01 -ConfigurationName Test -[Server01] Connecting to remote server failed with the following error message : Access is denied. For more information, see the about_Rem -ote_Troubleshooting Help topic. -+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException -+ FullyQualifiedErrorId : PSSessionOpenFailed ``` -This example demonstrates that the **Disable-PSRemoting** cmdlet disables remote access to all session configurations that include session configurations with custom security descriptors. +This example demonstrates that the `Disable-PSRemoting` cmdlet disables remote access to all session +configurations that include session configurations with custom security descriptors. -The first command uses the Register-PSSessionConfiguration cmdlet to create the Test session configuration. -The command uses the *FilePath* parameter to specify a session configuration file that customizes the session and the *ShowSecurityDescriptorUI* parameter to display a dialog box that sets permissions for the session configuration. -In the Permissions dialog box, we create custom full-access permissions for the Domain01\User01 user. +The first command uses the `Register-PSSessionConfiguration` cmdlet to create the Test session +configuration. The command uses the **FilePath** parameter to specify a session configuration file +that customizes the session and the **ShowSecurityDescriptorUI** parameter to display a dialog box +that sets permissions for the session configuration. In the Permissions dialog box, we create custom +full-access permissions for the indicated user. -The second command uses the **Get-PSSessionConfiguration** and **Format-Table** cmdlets to display the session configurations and their properties. -The output shows that the Test session configuration allows interactive access and special permissions for the Domain01\User01 user. +The second command uses the `Get-PSSessionConfiguration` and `Format-Table` cmdlets to display the +session configurations and their properties. The output shows that the Test session configuration +allows interactive access and special permissions for the indicated user. -The third command uses the **Disable-PSRemoting** cmdlet to disable remote access to all session configurations. +The third command uses the `Disable-PSRemoting` cmdlet to disable remote access to all session +configurations. -The fourth command uses the **Get-PSSessionConfiguration** and **Format-Table** cmdlets to display the session configurations and their properties. -The output shows that an AccessDenied security descriptor for all network users is added to all session configurations that includes the Test session configuration. -Although the other security descriptors are not changed, the "network_deny_all" security descriptor takes precedence. +The fourth command uses the `Get-PSSessionConfiguration` and `Format-Table` cmdlets to display the +session configurations and their properties. The output shows that an **AccessDenied** security +descriptor for all network users is added to all session configurations that includes the Test +session configuration. Although the other security descriptors are not changed, the +"network_deny_all" security descriptor takes precedence. -The fifth command shows that the **Disable-PSRemoting** command prevents even the Domain01\User01 user who has special permissions to the Test session configuration from using the Test session configuration to connect to the computer remotely. +The fifth command shows that the `Disable-PSRemoting` command prevents even the user who has special +permissions to the Test session configuration from using the Test session configuration to connect +to the computer remotely. ### Example 6: Re-enable remote access to selected session configurations -``` -PS C:\> Disable-PSRemoting -Force +```powershell +Disable-PSRemoting -Force +Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Auto +Set-PSSessionConfiguration -Name PowerShell.6 -AccessMode Remote -Force +Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Auto +``` -[ADMIN] PS C:\> Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Auto - -Name Permission ----- ---------- -microsoft.powershell NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed -microsoft.powershell.workflow NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed -microsoft.powershell32 NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed -microsoft.ServerManager NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed -WithProfile NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed +```Output +WARNING: Disabling the session configurations does not undo all the changes made by the Enable-PSRemoting or Enable-PSSessionConfiguration cmdlet. You might have to manually undo the changes by following these steps: + 1. Stop and disable the WinRM service. + 2. Delete the listener that accepts requests on any IP address. + 3. Disable the firewall exceptions for WS-Management communications. + 4. Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to members of the Administrators group on the computer. -[ADMIN] PS C:\> Set-PSSessionConfiguration -Name Microsoft.ServerManager -AccessMode Remote -Force +Name Permission +---- ---------- +PowerShell.6 NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Adm ... +PowerShell.6.2.0 NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Adm ... -[ADMIN] PS C:\> Get-PSSessionConfiguration | Format-Table -Property Name, Permission -Auto +Name Permission +---- ---------- +PowerShell.6 NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, BUILTIN\ ... +PowerShell.6.2.0 NT AUTHORITY\NETWORK AccessDenied, NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Adm ... -Name Permission ----- ---------- -microsoft.powershell NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed -microsoft.powershell.workflow NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed -microsoft.powershell32 NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed -microsoft.ServerManager BUILTIN\Administrators AccessAllowed -WithProfile NT AUTHORITY\NETWORK AccessDenied, BUILTIN\Administrators AccessAllowed ``` This example shows how to re-enable remote access only to selected session configurations. -The first command uses the **Disable-PSRemoting** cmdlet to disable remote access to all session configurations. +The first command uses the `Disable-PSRemoting` cmdlet to disable remote access to all session +configurations. -The second command uses the **Get-PSSessionConfiguration** and **Format-Table** cmdlets to display the session configurations and their properties. -The output shows that an AccessDenied security descriptor for all network users is added to all session configurations. +The second command uses the `Get-PSSessionConfiguration` and `Format-Table` cmdlets to display the +session configurations and their properties. The output shows that an **AccessDenied** security +descriptor for all network users is added to all session configurations. -The third command uses the **Set-PSSessionConfiguration** cmdlet. -The command uses the *AccessMode* parameter with a value of Remote to enable remote access to the Microsoft.ServerManager session configuration. -You can also use the *AccessMode* parameter to enable Local access and to disable session configurations. +The third command uses the `Set-PSSessionConfiguration` cmdlet. The command uses the **AccessMode** +parameter with a value of Remote to enable remote access to the PowerShell.6 session configuration. +You can also use the **AccessMode** parameter to enable Local access and to disable session +configurations. -The fourth command uses the **Get-PSSessionConfiguration** and **Format-Table** cmdlets to display the session configurations and their properties. -The output shows that the AccessDenied security descriptor for all network users is removed, thereby restoring remote access to the Microsoft.ServerManager session configuration. +The fourth command uses the `Get-PSSessionConfiguration` and `Format-Table` cmdlets to display the +session configurations and their properties. The output shows that the **AccessDenied** security +descriptor for all network users is removed, thereby restoring remote access to the PowerShell.6 +session configuration. ## PARAMETERS ### -Confirm + Prompts you for confirmation before running the cmdlet. ```yaml @@ -249,6 +268,7 @@ Accept wildcard characters: False ``` ### -Force + Forces the command to run without asking for user confirmation. ```yaml @@ -264,6 +284,7 @@ Accept wildcard characters: False ``` ### -WhatIf + Shows what would happen if the cmdlet runs. The cmdlet is not run. @@ -280,47 +301,40 @@ Accept wildcard characters: False ``` ### CommonParameters + This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS ### None -You cannot pipe input to this cmdlet. + +You cannot pipe any objects to this cmdlet. ## OUTPUTS ### None -This cmdlet does not return any object. - -## NOTES -* Disabling the session configurations does not undo all the changes that were made by the **Enable-PSRemoting** or **Enable-PSSessionConfiguration** cmdlets. You might have to undo the following changes manually. - 1. -Stop and disable the WinRM service. +This cmdlet does not generate any output. - 2. -Delete the listener that accepts requests on any IP address. +## NOTES - 3. -Disable the firewall exceptions for WS-Management communications. +- Disabling the session configurations does not undo all the changes that were made by the + `Enable-PSRemoting` or `Enable-PSSessionConfiguration` cmdlets. You might have to undo the + following changes manually. - 4. -Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to members of the Administrators group on the computer. + 1. Stop and disable the WinRM service. - A session configuration is a group of settings that define the environment for a session. -Every session that connects to the computer must use one of the session configurations that are registered on the computer. -By denying remote access to all session configurations, you effectively prevent remote users from establishing sessions that connect to the computer. + 2. Delete the listener that accepts requests on any IP address. - In Windows PowerShell 2.0, **Disable-PSRemoting** adds a Deny_All entry to the security descriptors of all session configurations. -This setting prevents all users from creating user-managed sessions to the local computer. -In Windows PowerShell 3.0, **Disable-PSRemoting** adds a Network_Deny_All entry to the security descriptors of all session configurations. -This setting prevents users on other computers from creating user-managed sessions on the local computer, but allows users of the local computer to create user-managed loopback sessions. + 3. Disable the firewall exceptions for WS-Management communications. - In Windows PowerShell 2.0, **Disable-PSRemoting** is the equivalent of `Disable-PSSessionConfiguration -Name *`. -In Windows PowerShell 3.0 and later releases, **Disable-PSRemoting** is the equivalent of `Set-PSSessionConfiguration -Name \ -AccessMode Local` + 4. Restore the value of the LocalAccountTokenFilterPolicy to 0, which restricts remote access to + members of the Administrators group on the computer. - In Windows PowerShell 2.0, **Disable-PSRemoting** is a function. -Beginning in Windows PowerShell 3.0, it is a cmdlet. +- A session configuration is a group of settings that define the environment for a session. Every + session that connects to the computer must use one of the session configurations that are + registered on the computer. By denying remote access to all session configurations, you + effectively prevent remote users from establishing sessions that connect to the computer. ## RELATED LINKS @@ -334,4 +348,4 @@ Beginning in Windows PowerShell 3.0, it is a cmdlet. [Set-PSSessionConfiguration](Set-PSSessionConfiguration.md) -[Unregister-PSSessionConfiguration](Unregister-PSSessionConfiguration.md) \ No newline at end of file +[Unregister-PSSessionConfiguration](Unregister-PSSessionConfiguration.md)