A quick getting started script to set up a server to allow WinRM remoting - ideal for use with target environments for deployment with TFS and VSTS Release Management remote tasks.
This uses a self-signed certificate and is meant to be a "getting up and running fast" approach, NOT a production-ready approach (you probably want to consider a public trusted certificate and DNS records rather than a self-signed cert and IP addreses.
Complete the following script with your relevant information, and run it on your target machine:
#Enable Remoting Enable-PSRemoting -SkipNetworkProfileCheck -Force #Remove the default HTTP listener Get-ChildItem WSMan:\Localhost\listener | Where -Property Keys -eq "Transport=HTTP" | Remove-Item -Recurse #Create a new self-signed certificate $Cert = New-SelfSignedCertificate -DnsName <MyServerNameOrFQDN> -CertStoreLocation Cert:\LocalMachine\My #Add the new HTTPs listener New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint –Force #Add a new firewall rule for the listener New-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)" -Name "Windows Remote Management (HTTPS-In)" Profile Any -LocalPort 5986 -Protocol TCP #Remove the default HTTP firewall rule Disable-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)" #Get the existign trusted hosts $curValue = (get-item wsman:\localhost\Client\TrustedHosts).value #Add your new trusted hosts to the value set-item wsman:\localhost\Client\TrustedHosts -value "$curValue, <my new IP/FQDNs>" #For sanity - list the trusted hosts for a manual check Get-Item WSMan:\localhost\Client\TrustedHosts
If your server is in Azure or on site, you will probably need to open up the 5986 port on your firewall or Network Security Group: