Enabling PowerShell remoting fails due to Public network connection type

If the network connection type is set to Public, enabling PowerShell remoting might fail because by default, PowerShell expects domain or private connection types.

If you try to enable PowerShell remoting on a PowerShell console with Enable-PSRemoting ‑Force, you will sometimes receive the error message below:

WinRM firewall exception will not work ^

Set-WSManQuickConfig : ... WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again. ...
The reason is that the computer will allow connections with other devices in the same network if the network connection type is Public. Microsoft considers it as a security risk if you enable PowerShell remoting in a Public network.

You can verify your current connection type settings in the Control Panel: Control Panel\Network and Internet\Network and Sharing Center

Viewing networking connection type in the Control Panel

Viewing networking connection type in the Control Panel

You can also check your profile settings with the PowerShell cmdlet Get-NetConnectionProfile. The NetworkCategory property corresponds to the network connection type.

Displaying the network connection type with PowerShell

Displaying the network connection type with PowerShell

This problem can even occur if your computer is an Active Directory member. If you've previously signed on to the member machine, Windows will cache your credentials, and you can log on without an available domain controller. In that case, Windows will automatically set your connection type to Public.

If a domain controller has authenticated you, it will set the network category to DomainAuthenticated:

NetworkCategory is set to DomainAuthenicated

NetworkCategory is set to DomainAuthenicated

Skipping the network profile check ^

In this case, PowerShell won't throw an error if you enable remoting. However, if a domain controller hasn't authenticated your computer, you have two options.

With the SkipNetworkProfileCheck parameter, you can just ignore the warning:

The Force parameter avoids the confirmation prompt.

Using the SkipNetworkProfileCheck parameter

Using the SkipNetworkProfileCheck parameter

Changing the network connection type with PowerShell ^

However, this option poses a security risk because Windows enables network discovery features for your computer. Thus, it is better to change the connection type manually to Private:

Changing the network connection type to private

Changing the network connection type to private

Notice that you can't set the NetworkCategory property to DomainAuthenticated. If you try, PowerShell will return an error:

Set-NetConnectionProfile : Unable to set NetworkCategory to 'DomainAuthenticated'. This NetworkCategory type will be set automatically when authenticated to a domain network.

Notice that if your computer is not a domain member, you have to consider a few other things if you enable PowerShell remoting.

4+
avatar

Join the 4sysops PowerShell group!

Your question was not answered? Ask in the forum!

6 Comments
  1. julo 1 year ago

    Hi,
    Is there any way how can WinRM run on Public profile?
    It looks that Enable-PSRemoting -SkipNetworkProfileCheck does not help. After running it says that everything is ok, but "winrm quickconfig" returns WinRM firewall exception will not work since one of the network connection types on this machine is set to Public
    Thanks

    2+

  2. Rasto 8 months ago

    We have VM with W10.1909, 1 interface DomainAuthenticated, winrm qc returns error 0x80338169.

    Enable-PSRemoting -SkipNetworkProfileCheck worked, but why no previously - some explanation?

    Thanks.

    0

    • Author

      Because the network connection types on this machine was set to Public?

      0

      • Rasto 8 months ago

        No, there is only one network connection showing ConnectionType as DomainAuthenticated (Domain Network in NetworkSharingCenter), and still error. Why? (Your solution solved it, but I would know why error when there is no Public Profile).

        Thanks.  R.H.

        0

        • Author

          If -SkipNetworkProfileCheck worked, then the network connection type most likely was set to Public. Sometimes this happens with domain joined machines if the connection to the domain controllers is lost. Even if the DCs are available again the setting can still be in the cache. Considering how unreliable Microsoft software is these days, it can also be a bug.

          0

  3. cesar 3 months ago

    Thanks, this command solved my problem

    0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account