Allow PowerShell remote access only from one address
Like explained in this article: Enabling PowerShell remoting for only a specified set of IP addresses.
(for each client pc1/pc2/pc...) you have to:
enable-psremoting
next: remove the winrm-listener that was created by enable-psremoting
Remove-WSManInstance winrm/config/Listener -SelectorSet @{Address="*";Transport="http"}
now the machine listens to nobody, so you have to create a new listener for the admin-client
New-WSManInstance winrm/config/Listener -SelectorSet @{Address="IP:10.11.12.13";Transport="http"}
now restart the winrm service
spsv winrm -pass | sasv -pass |gsv #*
(you have to run PowerShell as admin)
\*
*spsv = stop-service // sasv = start-service // gsv = get-service // -pass = -passThrough*
Maybe the Powershell "trustedhosts" list is you want?
You cant remote into a machine if you are not on the trustedhosts-list
Start the Powershell console as administrator
run this command:
get-item wsman:\localhost\client\trustedhosts
The "value" hast to be that IP adress or name of the admin client. To set this value run:
set-item wsman:\localhost\client\trustedhosts 192.168.1.2
(if there is already one value or if you have to admin-clients:
set-item wsman:\localhost\client\trustedhosts -concatenate admin02pcName
)
Of course, wildcards are allowed
You can abbreviate get-item
with gi
and set-item
with si
and -concatenate
with -concat