Details
Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them.
The recommended state for this setting is: Disabled.
Rationale:
Features that enable inbound network connections increase the attack surface. In a high security environment, management of secure workstations should be handled locally.
Impact:
The ability to remotely manage the system with WinRM will be lost.
Note: Many remote administration tools, such as System Center Configuration Manager (SCCM), may require the WinRM service to be operational for remote management.
Solution
To establish the recommended configuration via GP, set the following UI path to: Disabled.
Computer ConfigurationPoliciesWindows SettingsSecurity SettingsSystem ServicesWindows Remote Management (WS-Management)
Default Value:
Manual
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.