Prevents the computer from receiving remote Windows PowerShell commands.

Syntax

  Copy Code
Disable-PSRemoting [-Force] [-Confirm] [-WhatIf] [<CommonParameters>]

Description

The Disable-PSRemoting function disables all session configurations on the local computer by adding a "deny all" entry to their security descriptors. This prevents the local computer from receiving remote commands.

Disable-PSRemoting does not stop the WinRM service and it does not prevent users of the local computer from establishing sessions that connect to remote computers or sending commands to other computers.

To re-enable the session configurations, use the Enable-PSRemoting or Enable-PSSessionConfiguration cmdlets.

To run this function on Windows Vista, Windows Server 2008, and later versions of Windows, you must open Windows PowerShell with the "Run as administrator" option.

Parameters

-Force

Suppresses all user prompts. By default, you are prompted to confirm each operation.

Required?

false

Position?

named

Default Value

False

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before executing the command.

Required?

false

Position?

named

Default Value

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Describes what would happen if you executed the command without actually executing the command.

Required?

false

Position?

named

Default Value

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This command supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, OutBuffer, OutVariable, WarningAction, and WarningVariable. For more information, see about_CommonParameters.

Inputs and Outputs

The input type is the type of the objects that you can pipe to the cmdlet. The return type is the type of the objects that the cmdlet returns.

Inputs

None

You cannot pipe input to this cmdlet.

Outputs

None

This cmdlet does not return any object.

Notes

A session configuration is a group of settings that define the environment for a session. The session configurations are located on the remote computer and are used by local and remote sessions that connect to the computer.

Every session that connects to the computer must use one of the session configurations that are registered on the computer. This includes persistent sessions that you create by using New-PSSession or Enter-PSSession cmdlets, and the temporary sessions that Windows PowerShell creates when you use the ComputerName parameter of a cmdlet that uses WS-Management remoting technology, such as Invoke-Command. By denying access to all session configurations, you effectively prevent all users from establishing sessions that connect to the computer.

Disable-PSRemoting is the equivalent of "Disable-PSSessionConfiguration -name *.

Example 1

  Copy Code
C:\PS>disable-psremoting

Description
-----------
This command disables all session configurations on the computer.






Example 2

  Copy Code
C:\PS>disable-psremoting -force

Description
-----------
This command disables all session configurations on the computer without prompting.






Example 3

  Copy Code
C:\PS>disable-psremoting -force

C:\PS> new-pssession -computername localhost

[localhost] Connecting to remote server failed with the following error
message : Access is denied. For more information, see the about_Remote_Troub
leshooting Help topic.
	+ CategoryInfo		: OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
	+ FullyQualifiedErrorId : PSSessionOpenFailed


C:\PS> new-pssession -computername Server01

 Id Name	 ComputerName	State	Configuration		 Availability
 -- ----	 ------------	-----	-------------		 ------------
  1 Session1   Server01...	 Opened   Microsoft.PowerShell	 Available


C:\PS> enable-pssessionConfiguration -name * -force

C:\PS> new-pssession -computername localhost

 Id Name	 ComputerName	State	Configuration		 Availability
 -- ----	 ------------	-----	-------------		 ------------
  1 Session1   localhost	 Opened   Microsoft.PowerShell	 Available

Description
-----------
This example shows the effect of using Disable-PSRemoting.

The first command uses Disable-PSRemoting to disable all registered session configurations on the local computer.

The second command uses the New-PSSession to create a remote session to the local computer (also known as a "loopback"). Because the session configurations that session requires are disabled, the command fails.

The third command uses the New-PSSession cmdlet to create a session from the local computer to the Server01 remote computer. This command, which uses the session configurations on the remote computer, succeeds. 

The fourth command uses the Enable-PSSessionConfiguration cmdlet to re-enable all of the session configurations on the local computer. The command uses a value of * (all) in the Name parameter. 

The fifth command attempts again to establish a loopback session by using the New-PSSession cmdlet. This time the command succeeds, because the session configuration that requires are enabled.






Example 4

  Copy Code
C:\PS>disable-psremoting -force

C:\PS> get-psSessionConfiguration | format-table -property name, permission -auto

Name				 Permission
----				 ----------
microsoft.powershell   Everyone AccessDenied, BUILTIN\Administrators AccessAllowed
microsoft.powershell32 Everyone AccessDenied, BUILTIN\Administrators AccessAllowed

C:\PS> enable-psremoting -force
WinRM already is set up to receive requests on this machine.
WinRM already is set up for remote management on this machine.

C:\PS>> Get-PSSessionConfiguration | ft name, Permission -auto

Name				 Permission
----				 ----------
microsoft.powershell   BUILTIN\Administrators AccessAllowed
microsoft.powershell32 BUILTIN\Administrators AccessAllowed

Description
-----------
This example shows the effect on the session configurations of using Disable-PSRemoting and Enable-PSRemoting.

The first command uses the Disable-PSRemoting function to disable all registered session configurations. The force parameter suppresses all user prompts.

The second command uses the Get-PSSessionConfiguration cmdlet to display the registered session configurations on the computer. The command uses a pipeline operator to send the results to a Format-Table command, which displays only the Name and Permission properties of the configurations in a table.

The resulting table shows that everyone is denied permission to the configurations.

The third command uses the Enable-PSRemoting cmdlet to re-enable all of the session configurations on the computer. You can also use an "Enable-PsSessionConfiguration -name *" command. The command uses the Force parameter to suppress all user prompts and to restart the WinRM service without prompting.

The fourth command uses Get-PSSessionConfiguration and Format-Table to display the names and permissions of the session configurations. The results show that members of the Administrators group now have access to the session configurations.






See Also