Latest posts by Michael Pietroforte (see all)
- Author and member of the year 2019 – Why DevOps still doesn't rule the IT world - Wed, Jan 1 2020
- Results of the 4sysops member and author competition in 2018 - Tue, Jan 8 2019
- Why Microsoft is using Windows customers as guinea pigs - Reply to Tim Warner - Tue, Dec 18 2018
If you try to enable PowerShell remoting on a PowerShell console with Enable-PSRemoting ‑Force, you will sometimes receive the error message below:
WinRM firewall exception will not work ^
Set-WSManQuickConfig : ... WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again. ...
The reason is that the computer will allow connections with other devices in the same network if the network connection type is Public. Microsoft considers it as a security risk if you enable PowerShell remoting in a Public network.
You can verify your current connection type settings in the Control Panel: Control Panel\Network and Internet\Network and Sharing Center
You can also check your profile settings with the PowerShell cmdlet Get-NetConnectionProfile. The NetworkCategory property corresponds to the network connection type.
This problem can even occur if your computer is an Active Directory member. If you've previously signed on to the member machine, Windows will cache your credentials, and you can log on without an available domain controller. In that case, Windows will automatically set your connection type to Public.
If a domain controller has authenticated you, it will set the network category to DomainAuthenticated:
Skipping the network profile check ^
In this case, PowerShell won't throw an error if you enable remoting. However, if a domain controller hasn't authenticated your computer, you have two options.
With the SkipNetworkProfileCheck parameter, you can just ignore the warning:
Enable-PSRemoting -SkipNetworkProfileCheck -Force
The Force parameter avoids the confirmation prompt.
Changing the network connection type with PowerShell ^
However, this option poses a security risk because Windows enables network discovery features for your computer. Thus, it is better to change the connection type manually to Private:
Set-NetConnectionProfile -NetworkCategory Private
Notice that you can't set the NetworkCategory property to DomainAuthenticated. If you try, PowerShell will return an error:
Set-NetConnectionProfile : Unable to set NetworkCategory to 'DomainAuthenticated'. This NetworkCategory type will be set automatically when authenticated to a domain network.
Notice that if your computer is not a domain member, you have to consider a few other things if you enable PowerShell remoting.