If the network connection type is set to Public, enabling PowerShell remoting might fail because by default, PowerShell expects domain or private connection types.

Michael Pietroforte

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in IT management and system administration.

If you try to enable PowerShell remoting on a PowerShell console with Enable-PSRemoting ‑Force, you will sometimes receive the error message below:

WinRM firewall exception will not work ^

Set-WSManQuickConfig : ... WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again. ...
The reason is that the computer will allow connections with other devices in the same network if the network connection type is Public. Microsoft considers it as a security risk if you enable PowerShell remoting in a Public network.

You can verify your current connection type settings in the Control Panel: Control Panel\Network and Internet\Network and Sharing Center

Viewing networking connection type in the Control Panel

Viewing networking connection type in the Control Panel

You can also check your profile settings with the PowerShell cmdlet Get-NetConnectionProfile. The NetworkCategory property corresponds to the network connection type.

Displaying the network connection type with PowerShell

Displaying the network connection type with PowerShell

This problem can even occur if your computer is an Active Directory member. If you've previously signed on to the member machine, Windows will cache your credentials, and you can log on without an available domain controller. In that case, Windows will automatically set your connection type to Public.

If a domain controller has authenticated you, it will set the network category to DomainAuthenticated:

NetworkCategory is set to DomainAuthenicated

NetworkCategory is set to DomainAuthenicated

Skipping the network profile check ^

In this case, PowerShell won't throw an error if you enable remoting. However, if a domain controller hasn't authenticated your computer, you have two options.

With the SkipNetworkProfileCheck parameter, you can just ignore the warning:

The Force parameter avoids the confirmation prompt.

Using the SkipNetworkProfileCheck parameter

Using the SkipNetworkProfileCheck parameter

Changing the network connection type with PowerShell ^

However, this option poses a security risk because Windows enables network discovery features for your computer. Thus, it is better to change the connection type manually to Private:

Changing the network connection type to private

Changing the network connection type to private

Notice that you can't set the NetworkCategory property to DomainAuthenticated. If you try, PowerShell will return an error:

Set-NetConnectionProfile : Unable to set NetworkCategory to 'DomainAuthenticated'. This NetworkCategory type will be set automatically when authenticated to a domain network.

Notice that if your computer is not a domain member, you have to consider a few other things if you enable PowerShell remoting.

Win the monthly 4sysops member prize for IT pros

Share
1+

Users who have LIKED this post:

  • avatar

0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account