Managing Windows Server via PowerShell Remoting
PowerShell Remoting (WinRM) enables you to run commands, scripts, and manage your Kazepute Breeze from a remote workstation. It is the modern replacement for tools like Telnet and provides a secure, encrypted channel for server management.
Prerequisites
- A Kazepute Breeze running Windows Server 2019 or 2022
- Administrator access on both the local and remote machines
- Network connectivity between machines on port 5985 (HTTP) or 5986 (HTTPS)
Enable PowerShell Remoting on the Server
On your Breeze, open an elevated PowerShell prompt:
# Enable PS Remoting (configures WinRM and firewall rules)
Enable-PSRemoting -Force
# Verify WinRM is running
Get-Service WinRM
# Check the WinRM configuration
winrm get winrm/config
Configure WinRM for Remote Access
For non-domain environments (typical for Breezes), configure trusted hosts:
# On the CLIENT machine, add your Breeze IP to trusted hosts
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "YOUR_BREEZE_IP" -Force
# Or allow all hosts (testing only: the client will then send credentials to any host without verifying its identity)
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force
# Allow WinRM through the firewall on the server (these rules accept any source address; add -RemoteAddress to limit them to your admin IPs)
New-NetFirewallRule -DisplayName "WinRM HTTP" -Direction Inbound -Protocol TCP -LocalPort 5985 -Action Allow
New-NetFirewallRule -DisplayName "WinRM HTTPS" -Direction Inbound -Protocol TCP -LocalPort 5986 -Action Allow
Connecting to Your Breeze
Use Enter-PSSession for interactive sessions or Invoke-Command for running commands:
# Start an interactive remote session
$cred = Get-Credential
Enter-PSSession -ComputerName YOUR_BREEZE_IP -Credential $cred
# Run a single command remotely
Invoke-Command -ComputerName YOUR_BREEZE_IP -Credential $cred -ScriptBlock {
    Get-Process | Sort-Object CPU -Descending | Select-Object -First 10
}
# Run a local script on the remote server
Invoke-Command -ComputerName YOUR_BREEZE_IP -Credential $cred -FilePath "C:\Scripts\ServerCheck.ps1"
Managing Multiple Breezes
PowerShell Remoting excels at managing multiple servers simultaneously:
# Define your Breeze fleet
$servers = @("10.0.0.10", "10.0.0.11", "10.0.0.12")
$cred = Get-Credential
# Run commands on all servers at once
Invoke-Command -ComputerName $servers -Credential $cred -ScriptBlock {
    Get-ComputerInfo | Select-Object CsName, OsVersion, OsArchitecture
}
# Check disk space on all servers
Invoke-Command -ComputerName $servers -Credential $cred -ScriptBlock {
    Get-PSDrive -PSProvider FileSystem |
        Select-Object Name,
            @{N='UsedGB';E={[math]::Round($_.Used/1GB,2)}},
            @{N='FreeGB';E={[math]::Round($_.Free/1GB,2)}}
}
Setting Up HTTPS for WinRM
For production use, configure WinRM over HTTPS:
# Create a self-signed certificate
$cert = New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation "cert:\LocalMachine\My"
# Create an HTTPS WinRM listener
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $cert.Thumbprint -Force
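# Connect using HTTPS from the client
# Note: -SkipCACheck and -SkipCNCheck turn off certificate validation, so the traffic is encrypted but the server's identity is not verified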
Enter-PSSession -ComputerName YOUR_BREEZE_IP -Credential $cred -UseSSL -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck)
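The following is an added example, not part of the original guide: one way to set up the HTTPS listener so the client can validate the certificate and connect without -SkipCACheck or -SkipCNCheck, with port 5986 open only to one source address. The host name breeze01.example.com, the address 203.0.113.10, the file paths and the thumbprint placeholder are assumptions to replace with your own values.

```powershell
# ---- On the Breeze (elevated prompt) ----
# Assumption: clients reach the server by this name (DNS record or hosts-file entry).
$serverName = 'breeze01.example.com'   # placeholder name
$adminIp    = '203.0.113.10'           # placeholder: your workstation's source IP

# Issue the certificate for the name clients actually connect to, so the CN check can pass.
$cert = New-SelfSignedCertificate -DnsName $serverName -CertStoreLocation 'Cert:\LocalMachine\My'

# Bind an HTTPS listener to that certificate.
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -CertificateThumbPrint $cert.Thumbprint -Force

# Open 5986 to the admin workstation only, not to every source address.
New-NetFirewallRule -DisplayName 'WinRM HTTPS (admin only)' -Direction Inbound `
    -Protocol TCP -LocalPort 5986 -RemoteAddress $adminIp -Action Allow

# Export the public certificate (no private key) and print its thumbprint.
Export-Certificate -Cert $cert -FilePath 'C:\breeze-winrm.cer'
$cert.Thumbprint

# ---- On the client (elevated prompt) ----
# Copy breeze-winrm.cer to the client, then compare its thumbprint with the
# value printed on the server before trusting it.
$serverName = 'breeze01.example.com'               # same placeholder name as above
$certPath   = 'C:\Temp\breeze-winrm.cer'           # placeholder path
$expected   = 'PASTE_THUMBPRINT_FROM_SERVER'       # placeholder value

$received = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certPath)
if ($received.Thumbprint -ne $expected) {
    throw 'Thumbprint mismatch: do not import this certificate.'
}

# Trust this one certificate so the CA check succeeds for this server.
Import-Certificate -FilePath $certPath -CertStoreLocation 'Cert:\LocalMachine\Root'

# Both commands now validate the certificate chain and the host name.
Test-WSMan -ComputerName $serverName -UseSSL
$cred = Get-Credential
Enter-PSSession -ComputerName $serverName -Credential $cred -UseSSL
```

Because the connection uses HTTPS with a validated certificate, the server does not need an entry in the client's TrustedHosts list.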
Persistent Sessions
For long-running management tasks, create persistent sessions:
# Create a persistent session
$session = New-PSSession -ComputerName YOUR_BREEZE_IP -Credential $cred
# Use the session for multiple commands
Invoke-Command -Session $session -ScriptBlock { Get-Service | Where-Object Status -eq Running }
Invoke-Command -Session $session -ScriptBlock { Get-EventLog -LogName System -Newest 20 }
# Copy files to/from the remote server
Copy-Item -Path "C:\Local\script.ps1" -Destination "C:\Remote\" -ToSession $session
Copy-Item -Path "C:\Remote\logs.zip" -Destination "C:\Local\" -FromSession $session
# Clean up
Remove-PSSession $session
Best Practices
- Always use HTTPS (port 5986) for WinRM in production environments.
- Restrict WinRM access by IP address using firewall rules.
- Use dedicated service accounts with limited permissions instead of full administrator credentials.
- Enable PowerShell script block logging and transcription for auditing.
- Close sessions when you are done to free server resources.
- Consider using Just Enough Administration (JEA) to limit what remote users can do.