The issue lays with the Windows Network Location Type as it is assigned to each network the computer is a part of.
There are three Network Location types - Private, Public and Domain. If the computer you want to enable for winrm access is a domain member, the Network Location type for any network the computer is a part of cannot be changed. If the computer is standalone or part of the workgroup, changing the network location type to Public or Private is permitted via the Windows GUI (Control Panel\All Control Panel Items\Network and Sharing Center).
Windows PowerShell Remoting cannot be enabled on a computer if (in the case of multihomed computers) even one of the (active) networks it is a part of is set to Public. For instance if a domain member computer has two nics and accesses two networks, one being used for domain traffic and the second one to connect to a storage device, the second network defaults (in most cases) to Public, thus making the computer unmanageable via Windows Powershell.
To addrss the issue, a PowerShell script has been prepared. The script allows choosing the network to change the location and the desired type of network location, then changes it accordingly. Please note that it may not be possible to change a network location to or from the Domain Type but for Windows Powershell Remoting the "Work" Network type would do.
The script code is shown below between horizontal lines and attached to the KB.
___________________________________________________________________
<#
.Synopsis
Script which changes the Network Location Type both for connected and disconnected networks.
.Description
This is necessary to be able to enable Windows Powershell Remoting as computers that have a even one "Public" network location (if multihomed) cannot be managed due to Windows Remote Powershell Restrictions.
Please note that in most cases you cannot set the Network Location Type to `"Domain`" but, for Windows Remote purposes, `"Work`" will do..
NLM_ENUM_NETWORK_CONNECTED = 0x01,
NLM_ENUM_NETWORK_DISCONNECTED = 0x02,
NLM_ENUM_NETWORK_ALL = 0x03
#>
function get-networks {
param($NetworkLocationType0)
$networks=@()
$nlm.GetNetworks($NLM_ENUM_NETWORK_ALL)| foreach {
$ctype=""
if($_.isconnected){$ctype = "Connected"}else{$ctype="Disconnected"}
$line=[pscustomobject]@{Name=$_.getname();LocationType=$NetworkLocationType.get_item($_.getcategory());ConnectionStatus=$ctype}
$networks+=$line
}
$networks = $networks | sort-object -property connectionstatus,name
return $networks
}
cls
$NLM_ENUM_NETWORK_ALL = 3
$NetworkLocationType=@{2="Domain";1="Work";0="Public"}
Write-Host "Change Network Location Type`r`n----------------------------`r`n"
$networks = get-networks -NetworkLocationType0 $NetworkLocationType
do{
[array]$cons = $networks | Out-GridView -PassThru -Title "Select the connection to change location"
if(!($cons)){Write-host "Exiting...";exit}
}until ($cons.count -eq 1)
$con=$cons[0]
Write-Host "`n`rSelected Network: $($con|out-string)"
$x = $NetworkLocationType.GetEnumerator() | sort-object {$_.name}
do{
[array]$actions = $x| out-gridview -PassThru -title "Change Network Location To [Choose one Location Type only]:"
if(!($actions)){Write-host "Exiting...";exit}
}until ($actions.count -eq 1)
$action=$actions[0]
Write-Host "You have chosen to apply Location Type `"$($action.value)`" to Network `"$($con.name)`" ($($con.ConnectionStatus), currently on `"$($con.LocationType)`")" -f Yellow
[int]$newlocationvalue = $action.name
$selectednetwork = $nlm.GetNetworks($NLM_ENUM_NETWORK_ALL)|where {$_.getname() -eq $con.name}
try{
$selectednetwork.setcategory($newlocationvalue)
}
catch {Write-Host "`r`nError Changing Network Location to $($action.value) ... can't do that!"}
get-networks -NetworkLocation
___________________________________________________________________
