{"id":3331,"date":"2009-11-19T16:43:16","date_gmt":"2009-11-19T16:43:16","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/powershell\/2009\/11\/19\/windows-powershell-and-the-windows-management-framework\/"},"modified":"2019-02-18T13:06:05","modified_gmt":"2019-02-18T20:06:05","slug":"windows-powershell-and-the-windows-management-framework","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/powershell\/windows-powershell-and-the-windows-management-framework\/","title":{"rendered":"Windows PowerShell and the Windows Management Framework"},"content":{"rendered":"

There\u2019s been a lot of great excitement that\u2019s accompanied the release of PowerShell V2 and Windows Remote Management (WinRM) \u2013 also known as the Windows Management Framework. We\u2019ve also heard the occasional question on whether it\u2019s possible to install them independently.<\/p>\n

When we\u2019ve heard this concern, it is usually focused on security. To be clear, Windows Remote Management (WinRM) has been part of Windows since Vista and Server 2008. It does not listen to network connections by default, and must be explicitly activated. Both have advanced greatly during the release of Windows 7 \u2013 most notably by working together to support a rich PowerShell-based remoting experience.<\/p>\n

The Windows Management Framework download (PowerShell + WinRM) simply updates the binaries on non-Win7 machines to bring them up to the same version already included in Windows 7 and Windows Server 2008 R2.<\/p>\n

Investigating this concern further, it usually comes down to concern about increased network attack surface: automatically opening a network port to accept incoming connections. Installing the Windows Management Framework does not do this automatically. \u201cSecure by Default\u201d is the mantra of both our team, and Microsoft as a whole. Enabling PowerShell Remoting is an explicit step that must be run from an elevated prompt. The command fully informs you of the security implications when you do so:<\/p>\n

\n

[C:\\Windows\\system32]
PS:101 > Enable-PsRemoting<\/font><\/p>\n

WinRM Quick Configuration<\/font><\/p>\n

Running command "Set-WSManQuickConfig" to enable this machine for remote management through WinRM service.<\/font><\/p>\n

This includes:
<\/font>    1. Starting or restarting (if already started) the WinRM service
<\/font>    2. Setting the WinRM service type to auto start
<\/font>    3. Creating a listener to accept requests on any IP address
<\/font>    4. Enabling firewall exception for WS-Management traffic (for http only).<\/font><\/p>\n

Do you want to continue?
<\/font>[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):<\/font><\/p>\n<\/blockquote>\n

While we (and Windows Security, and external security consultants that we hired for analysis and penetration testing) also<\/b> believe in the security of our remoting protocol and the attack surface that it exposes, we focused from the start on letting you make that decision independently.<\/p>\n

 <\/p>\n

Lee Holmes [MSFT]
Windows PowerShell Development
Microsoft Corporation<\/p>\n","protected":false},"excerpt":{"rendered":"

There\u2019s been a lot of great excitement that\u2019s accompanied the release of PowerShell V2 and Windows Remote Management (WinRM) \u2013 also known as the Windows Management Framework. We\u2019ve also heard the occasional question on whether it\u2019s possible to install them independently. When we\u2019ve heard this concern, it is usually focused on security. To be clear, […]<\/p>\n","protected":false},"author":600,"featured_media":13641,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3331","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-powershell"],"acf":[],"blog_post_summary":"

There\u2019s been a lot of great excitement that\u2019s accompanied the release of PowerShell V2 and Windows Remote Management (WinRM) \u2013 also known as the Windows Management Framework. We\u2019ve also heard the occasional question on whether it\u2019s possible to install them independently. When we\u2019ve heard this concern, it is usually focused on security. To be clear, […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/3331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/users\/600"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/comments?post=3331"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/3331\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media\/13641"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media?parent=3331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/categories?post=3331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/tags?post=3331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}