Today I was trying to Enter-PSSession on a remote machine, from my machine that is not joined to the same domain, and I start getting all kind of authentication error. Basically the problem reside on YOUR machine, not on the server, windows server 2012 has the remoting enabled by default (of course you need to open firewall as well), so what’s the problem? By default, local machine allow remote ps only using Kerberos, and to allow other kind of connection you need to trust the remote machine, but how?
You need to set the TrustedHosts! (to use HTTP protocol, see below for a more secure approach using HTTPS)
To see what’s in the trusted host you can use the Get-Item command:
And here’s how to set the value with the Set-Item command:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force
Here I’ve set to trust all the remote end-points, so the system does not bore me again, obviously this could harm your computer.
The TrustedHosts item, contains a comma separated value, so to add more server you have to provider a CSV, for instance:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "10.5.1.1,10.5.1.2" -Force
To clear the trusted host you can use the Clear-Item command as follow:
Clear-Item WSMan:\localhost\Client\TrustedHosts -Force
If you don’t specify -Force, you will be warned before continue with the command.
Now you can run your commands remotely on the target machine:
Enter-PSSession -ComputerName 10.5.1.1 -Credential firstname.lastname@example.org
If you plan to use HTTP this guide is fine, however I strongly recommend to implement HTTPS for encrypting the traffic between the client and remote server.