When attempting to run a Remote Assessment on a Domain Joined target I am unable to make a successful WinRM connection over HTTPS.
Product Name
CIS-CAT Pro Assessor and CIS-CATY Pro Dashboard
Product Version
all
Date
May 18, 2021
Problem
I have followed the Knowledge Base articles below about establishing a remote WinRM connection to my Target device but it is still failing to connect.
Solution
If you are still unable to make the connection over HTTPS but HTTP works and your computer is in an Active Directory - GPOs may be conflicting with your ability to make a remote connection from Host to Target.
Run the following Elevated PowerShell command
PS> Winrm get http://schemas.microsoft.com/wbem/wsman/1/config
Review the content of the Command Line output for any mention of GPO, or any settings which do not match the output of the following
Winrm get
responseThe easiest way to locate a GPO which may be blocking HTTPS WinRM access is to move the Target device into a test OU free from all existing GPOs your Organization has in place.
On the left is the output from a non-domain joined Windows machine which is able to connect to WinRM over HTTPS.
On the right is the output from a domain joined Windows Computer which cannot connect to WinRM over HTTPS due to GPO settings
Please carefully review the articles below for help with WinRM troubleshooting.
Keywords; WinRM GPO Remote Assessment
Content by Label