Specify maximum amount of memory in MB per Shell

This policy setting configures the maximum total amount of memory, in megabytes, that can be allocated by any active remote shell and all its child processes. Any value from 0 to 0x7FFFFFFF can be set, where 0 equals unlimited memory, which means the ability of remote operations to allocate memory is limited only by the available virtual memory. If you enable this policy setting, the remote operation is terminated when a new allocation exceeds the specified quota. If you disable or do not configure this policy setting, the value 150 is used by default.

Specify maximum number of processes per Shell

This policy setting configures the maximum number of processes a remote shell is allowed to launch. If you enable this policy setting, you can specify any number from 0 to 0x7FFFFFFF to set the maximum number of processes per shell. Zero (0) means an unlimited number of processes. If you disable or do not configure this policy setting, the limit is five processes per shell.

Specify maximum number of remote shells per user

This policy setting configures the maximum number of concurrent shells any user can remotely open on the same system. Any number from 0 to 0x7FFFFFFF can be set, where 0 means an unlimited number of shells. If you enable this policy setting, the user cannot open new remote shells if the count exceeds the specified limit. If you disable or do not configure this policy setting, the limit is set to two remote shells per user by default.

Disallow Negotiate authentication

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Negotiate authentication from a remote client. If you enable this policy setting, the WinRM service does not accept Negotiate authentication from a remote client. If you disable or do not configure this policy setting, the WinRM service accepts Negotiate authentication from a remote client.

Disallow Kerberos authentication

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network. If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.

Trusted Hosts

This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. The WinRM client uses this list when neither HTTPS nor Kerberos is used to authenticate the identity of the host. If you disable or do not configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer.

Allow remote server management through WinRM

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on the network for requests on the HTTP transport over the default HTTP port. If you enable this policy setting, the WinRM service automatically listens on the network for requests on the HTTP transport over the default HTTP port. To allow the WinRM service to receive requests over the network, configure the Windows Firewall policy setting with exceptions for port 5985 (the default port for HTTP). If you disable or do not configure this policy setting, the WinRM service will not respond to requests from a remote computer, regardless of whether or not any WinRM listeners are configured. The service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6 addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges. You should use an asterisk (*) to indicate that the service listens on all available IP addresses on the computer. When * is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses. For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty. Ranges are specified using the syntax IP1-IP2. Multiple ranges are separated using “,” (comma) as the delimiter.

Example IPv4 filters:
2.0.0.1-2.0.0.20, 24.0.0.1-24.0.0.22

Example IPv6 filters:
3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3FFE:FFFF:7654:FEDA:1245:BA98:3210:4562
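The filter rules described above can be checked before a policy is deployed. The following Python sketch is an added example, not part of the original policy text: it evaluates an IPv4 and an IPv6 filter against a list of local addresses and returns the ones the service would use. The function names and the sample address list are constructed for illustration, and rejecting entries that are not written as IP1-IP2 is an assumption of this example.

```python
import ipaddress

def parse_filter(filter_text, version):
    """Return None for '*' (all addresses), else a list of (low, high) ranges."""
    entries = [e.strip() for e in filter_text.split(",") if e.strip()]
    if "*" in entries:
        return None  # '*' wins: other ranges in the filter are ignored
    ranges = []
    for entry in entries:
        low_text, sep, high_text = entry.partition("-")
        if not sep:
            # Assumption: anything not written as IP1-IP2 is rejected here.
            raise ValueError(f"not an IP1-IP2 range: {entry!r}")
        low = ipaddress.ip_address(low_text.strip())
        high = ipaddress.ip_address(high_text.strip())
        if low.version != version or high.version != version:
            raise ValueError(f"wrong address family in IPv{version} filter: {entry!r}")
        if low > high:
            raise ValueError(f"range start is above range end: {entry!r}")
        ranges.append((low, high))
    return ranges  # an empty list means a blank filter: no addresses match

def listening_addresses(local_addresses, ipv4_filter, ipv6_filter):
    """Return the local addresses that fall inside the configured filters."""
    filters = {4: parse_filter(ipv4_filter, 4), 6: parse_filter(ipv6_filter, 6)}
    selected = []
    for text in local_addresses:
        addr = ipaddress.ip_address(text)
        ranges = filters[addr.version]
        if ranges is None or any(low <= addr <= high for low, high in ranges):
            selected.append(text)
    return selected

# Example filters from the policy text above.
IPV4_FILTER = "2.0.0.1-2.0.0.20, 24.0.0.1-24.0.0.22"
IPV6_FILTER = ("3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-"
               "3FFE:FFFF:7654:FEDA:1245:BA98:3210:4562")
# Constructed sample of addresses bound on one host (not from the page).
LOCAL = ["2.0.0.5", "10.0.0.5", "24.0.0.22",
         "3ffe:ffff:7654:feda:1245:ba98:1:1", "fe80::1"]

if __name__ == "__main__":
    print(listening_addresses(LOCAL, IPV4_FILTER, IPV6_FILTER))
    print(listening_addresses(LOCAL, "*, 2.0.0.1-2.0.0.20", ""))
```

Comparing the returned list against the interfaces that are meant to carry management traffic shows whether a filter, in particular *, exposes the HTTP listener on more addresses than intended.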

Turn On Compatibility HTTP Listener

This policy setting turns on or turns off an HTTP listener created for backward compatibility purposes in the Windows Remote Management (WinRM) service. If you enable this policy setting, the HTTP listener always appears. If you disable or do not configure this policy setting, the HTTP listener never appears. When certain port 80 listeners are migrated to WinRM 2.0, the listener port number changes to 5985. A listener might be automatically created on port 80 to ensure backward compatibility.

Turn On Compatibility HTTPS Listener

This policy setting turns on or turns off an HTTPS listener created for backward compatibility purposes in the Windows Remote Management (WinRM) service. If you enable this policy setting, the HTTPS listener always appears. If you disable or do not configure this policy setting, the HTTPS listener never appears. When certain port 443 listeners are migrated to WinRM 2.0, the listener port number changes to 5986. A listener might be automatically created on port 443 to ensure backward compatibility.