Configure PowerShell Remoting

Purpose

Allow controlled remote administration from HQ-MGMT01.

On target servers

Run as administrator:

Enable-PSRemoting -Force

Test from HQ-MGMT01

Test-WSMan HQ-DC01
Enter-PSSession HQ-DC01

Firewall

Only allow WinRM from the Management VLAN.

Source	Destination	Ports
Management VLAN	Servers VLAN	TCP 5985 / 5986

Security notes

• Prefer HTTPS WinRM after PKI is deployed.
• Do not allow WinRM from untrusted networks.
• Use admin accounts only when needed.