The WS-Management TrustedHosts list is a list of trusted resources for your computer. The TrustedHosts list consists of a comma-separated list of computer names, IP addresses, and fully-qualified domain names. Only members of the Administrators group on the computer have permission to change the list of trusted hosts on the computer. For information about runningWindows PowerShell with administrator permissions, see How to Run as Administrator.
To use the IP address of a remote computer in a Windows PowerShell command to connect to the remote computer, the IP address must be in the TrustedHosts list on your computer. This is a requirement of NTLM authentication, which is used whenever a computer is identified by the IP address instead of a computer name.
To view or change the TrustedHosts list, use the WSMan: drive. The TrustedHosts item is in the WSMan:\localhost\Client node. The value is a comma-separated list of computer names and IP addresses. Wildcards are permitted. To view or change the TrustedHosts list, use the WSMan: drive. The TrustedHosts item is in the WSMan:\localhost\Client node. Only members of the Administrators group on the computer have permission to change the value of the TrustedHosts item.
Caution: |
---|
The value that you set for the TrustedHosts item affects all users of the computer. |
To view the list of TrustedHosts
-
Start Windows PowerShell with the Run as administrator option. For more information, see How to Run as Administrator. This step is required only when you are using the WSMan Provider cmdlet to view or change the configuration of the local computer.
-
Use a Get-Item cmdlet in the TrustedHosts directory of the WSMan: drive.
For example, the following command gets the items in the TrustedHosts directory on the local computer, which is represented by "localhost".
Copy Code get-item wsman:\localhost\Client\TrustedHosts
By default, the TrustedHosts item exists, but its value is empty.
To add all computers to the list of TrustedHosts
-
Start Windows PowerShell with the Run as administrator option. For more information, see How to Run as Administrator. This step is required only when you are using the WSMan Provider cmdlet to view or change the configuration of the local computer.
-
Use a Set-Item cmdlet to add a wildcard character (*) to the value of the TrustedHosts item.
For example, the following command adds all computers to the TrustedHosts list on the local computer.
Copy Code set-item wsman:\localhost\Client\TrustedHosts -value *
To add all computers in a domain to the list of TrustedHosts
-
Start Windows PowerShell with the Run as administrator option. For more information, see How to Run as Administrator. This step is required only when you are using the WSMan Provider cmdlet to view or change the configuration of the local computer.
-
Use a Set-Item cmdlet to add the domain name, preceded by a wildcard character (*), to the value of the TrustedHosts item.
For example, the following command adds all computers in the Fabrikam.com domain to the TrustedHosts list on the local computer.
Copy Code set-item wsman:\localhost\Client\TrustedHosts *.fabrikam.com
To add the names of particular computers to the list of TrustedHosts
-
Start Windows PowerShell with the Run as administrator option. For more information, see How to Run as Administrator. This step is required only when you are using the WSMan Provider cmdlet to view or change the configuration of the local computer.
-
Use a Set-Item cmdlet to add a comma-separated list of computer names to the value of the TrustedHosts item.
For example, the following command format adds particular computers to the TrustedHosts list:
Copy Code set-item wsman:\localhost\Client\TrustedHosts -value <ComputerName>[,<ComputerName>]
where each <ComputerName> value has the following format:
Copy Code <Computer>.<Domain>.<Company>.<top-level-domain>
For example, the following command adds the Server01 computer in Domain01 of Fabrikam.com to the TrustedHosts list on the local computer.
Copy Code set-item wsman:\localhost\Client\TrustedHosts -value Server01.Domain01.Fabrikam.com
To add a computer name to an existing list of TrustedHosts
-
Start Windows PowerShell with the Run as administrator option. For more information, see How to Run as Administrator. This step is required only when you are using the WSMan Provider cmdlet to view or change the configuration of the local computer.
-
Save the current value of the TrustedHosts item in a variable.
For example, the following command uses the Get-Item cmdlet to get the current value of the TrustedHosts command. The command saves the value in the $curValue variable.
Copy Code $curValue = (get-item wsman:\localhost\Client\TrustedHosts).value
-
Use a Set-Item cmdlet to set the value of the TrustedHosts item to a comma-separated list that includes the current and new values.
For example, to add the Server01 computer to an existing list of trusted hosts, use the following command.
Copy Code set-item wsman:\localhost\Client\TrustedHosts -value "$curValue, Server01.Domain01.Fabrikam.com"
To add an IP address to the list of TrustedHosts
-
Start Windows PowerShell with the Run as administrator option. For more information, see How to Run as Administrator. This step is required only when you are using the WSMan Provider to view or change the configuration of the local computer.
-
Use a Set-Item cmdlet to add the IP addresses to the comma-separated list in the value of the TrustedHosts item.
For example, the following command adds an IP address to the value of the TrustedHosts item on the local computer.
Copy Code set-item wsman:\localhost\Client\TrustedHosts -value 172.16.0.0
When adding an IPv6 address, enclose the IP address in brackets.
Copy Code set-item wsman:\localhost\Client\TrustedHosts -value 172.16.0.0, [0:0:0:0:0:0:0:0]
To add a computer name or IP address to the list of TrustedHosts on a remote computer
-
Use a Connect-WSMan cmdlet to add the remote computer to your WSMan: drive.
For example, the following command adds the Server01 computer to the WSMan: drive on the local computer.
Copy Code connect-wsman -computername Server01
-
Use a Set-Item cmdlet to add the 172.16.0.0 IP addresses to the comma-separated list in the value of the TrustedHosts item.
For example, the following command adds the 172.16.0.0 IP addresses to the value of the TrustedHosts item on the Server01 computer.
Copy Code set-item wsman:\Server01\Client\TrustedHosts -value 172.16.0.0, [0:0:0:0:0:0:0:0]