PowerShell Remoting — Allowing Only One Trusted Server
For years, Windows admins used WMIC (Windows Management Instrumentation Command-line) to check hardware and system details. Microsoft is now retiring WMIC because it’s old and no longer updated. Instead, they want everyone to use PowerShell, which is more secure, flexible, and future-proof.
If you use WMIC in scripts or management tools, you’ll need to move to PowerShell commands. This guide shows how to safely allow only one trusted server to run PowerShell commands remotely on another server.
Steps to allow only Server2 to access Server1
Enable-PSRemoting -Force
New-NetFirewallRule -DisplayName “Allow WinRM from Server2” `
-Direction Inbound -Protocol TCP -LocalPort 5985 `
-RemoteAddress 192.168.1.20 -Action Allow
Set-Item WSMan:\localhost\Client\TrustedHosts -Value “Server1”
Enter-PSSession -ComputerName Server1 -Credential (Get-Credential)
Security notes
- Limit access: Restrict which accounts can use remoting with
Set-PSSessionConfiguration. - Audit: Review logs to confirm only Server2 connects.
- Use secure auth: Prefer Kerberos in a domain, or HTTPS with certificates outside a domain.
WMIC vs PowerShell
| Feature | WMIC | PowerShell |
|---|---|---|
| Status | Deprecated, removed in new Windows builds | Actively supported and updated |
| Ease of use | Simple commands, limited flexibility | Rich scripting, automation, modules |
| Security | Legacy, minimal logging | Modern, with auditing and secure remoting |
| Remote management | Basic, less secure | Full remoting via WinRM, Kerberos, HTTPS |
| Future support | None | Long-term Microsoft strategy |
Common WMIC to PowerShell equivalents
How to fully revert PowerShell Remoting (undo all changes)
If you enabled PowerShell Remoting and want to fully undo it, follow these steps. This not only disables remoting but also removes listeners, firewall rules, and resets the LocalAccountTokenFilterPolicy.
1. Stop and disable the WinRM service
Set-Service WinRM -StartupType Disabled
2. Delete the WinRM listener
First, list current listeners; then delete the HTTP listener (port 5985). If you configured HTTPS, remove that too.
3. Disable firewall exceptions for WS-Management
Remove built-in and custom WinRM rules, including any rule you added to allow only Server2.
4. Reset LocalAccountTokenFilterPolicy to default (0)
This restores the default behavior where remote access is restricted for local administrators unless using elevated tokens.
Optional: Start with Disable-PSRemoting
You can start by running the built-in disable command, then perform the manual cleanup above to fully revert.
Verification checklist
- Service:
Get-Service WinRMshows Status = Stopped and StartType = Disabled. - Listeners:
winrm enumerate winrm/config/listenerreturns no active listeners. - Firewall:
Get-NetFirewallRule | Where-Object DisplayName -like "*WinRM*"returns none. - Registry:
LocalAccountTokenFilterPolicyis set to0.
Closing thought
WMIC is going away, but PowerShell gives you stronger tools to manage systems. By locking down remoting to a single trusted server, and by learning the PowerShell equivalents of old WMIC commands, you keep control while using modern management methods.