Set-NetFireWallRule WINRM-HTTP-In-TCP-PUBLIC allowed IP addresses

By default on Windows Server 2012 and later, WinRM is configured to allow PS remoting, i.e. I don't have to issue an Enable-PSRemoting cmdlet.  However, the Windows firewall is (understandably) configured rather strictly.  There are two rules for Windows Remote Management (HTTP-In) - one is scoped for Public networks and the other is scoped for domain networks. Both of these are initially configured to limit remote IP addresses from the local subnet.

This works all well and fine when performing remote management from a remote machine that is on the local subnet, but that is not always going to be the case.  Therefore, I would like to remove the local subnet option from one or both of those firewall rules.  I have a script that already sets a number of firewall rules that I run against any new machine I build (yes, I know they could be configured in group policies, but some of these are set to allow certain things before the machine is domain joined).  But I have not been able to figure out how to remove the local subnet from this rule.  Very easy in the GUI - on the Scope tab select Any IP Address click OK and everything works as I want it to.

What parameter of the Set-NetFireWallRule -Name "WINRM-HTTP-In-TCP-PUBLIC" is used to set this?  Or, is it a combination of commands?

Extra credit for instructions on how to find this.  Generally I will do something like Get-NetFireWallRule | FL * to see everything that I might be able to modify, and it generally works for me.  But I have been comparing the output of this between two systems - one configured by default and the other configured with the GUI to remove the local subnet, and I am not seeing any difference.

Thanks for the gui

August 26th, 2015 3:04pm

Maybe this?

Get-NetFirewallAddressFilter WINRM-HTTP-In-TCP | Set-NetFirewallRule -Profile Public -RemoteAddress Any

August 26th, 2015 4:58pm

Thank you!  Yes, that did it (it also works by simply using the -Name parameter on the Set cmdlet - no need to pipe from the Get cmdlet). 

It was the keyword 'Any' on the -RemoteAddress parameter that I was unable to find during all my searching.  The TechNet help does not show that.  Help Set-NetFirewallRule -parameter Remote didn't give me that.  When I entered the command with an invalid value to that parameter I got this back as the error:

Set-NetFirewallRule : The address is invalid.  Addresses may be specified as IP addresses, ranges, or subnets.  Also, the following address keywords are allowed in certain places: LocalSubnet, DNS, DHCP, WINS, DefaultGateway, Internet, Intranet, IntranetRemoteAccess, PlayToDevice.  Keywords can be restricted to IPv4 or IPv6 by appending a 4 or 6.

No mention of the keyword 'Any' in any of the documentation that I had found.  Did you actually find that in some documentation that I missed, or was it one of those things that you guessed at the parameter based on past experience?

Thanks, again.  Much appreciated.

August 27th, 2015 8:57am
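
An added example, not part of the original thread: the Scope tab values are stored on the address filter object associated with a rule, not on the rule object itself, which is why comparing Get-NetFirewallRule | FL * output shows no difference. The rule names are the ones discussed above; the management subnet 10.20.30.0/24 is a constructed placeholder.

```powershell
# Added example. Run from an elevated PowerShell session.
# Assumption: $mgmtSubnet is a placeholder for the network you manage from.
$rulePattern = 'WINRM-HTTP-In-TCP*'
$publicRule  = 'WINRM-HTTP-In-TCP-PUBLIC'
$mgmtSubnet  = '10.20.30.0/24'

function Get-WinRMRuleScope {
    # Join each WinRM HTTP-In rule with its associated address filter,
    # which is where the local/remote address scope is stored.
    Get-NetFirewallRule -Name $rulePattern | ForEach-Object {
        $filter = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $_.Name
            Profile       = $_.Profile
            Enabled       = $_.Enabled
            LocalAddress  = $filter.LocalAddress  -join ', '
            RemoteAddress = $filter.RemoteAddress -join ', '
        }
    }
}

'--- scope before ---'
Get-WinRMRuleScope | Format-Table -AutoSize

# The thread's answer, equivalent to "Any IP address" on the Scope tab:
#   Set-NetFirewallRule -Name $publicRule -RemoteAddress Any
# Narrower alternative shown here: keep the local subnet and add one
# management network, so the rule is not open to every source address.
Set-NetFirewallRule -Name $publicRule -RemoteAddress @('LocalSubnet', $mgmtSubnet)

'--- scope after ---'
Get-WinRMRuleScope | Format-Table -AutoSize
```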

The type of the property is an enum.  I just enumerated the enum and picked "any" as the likely candidate.

August 27th, 2015 9:08am

Hi Tim,

The documentation does mention the Any keyword, but it doesn't go into any detail about what 'Any' actually means.

https://technet.microsoft.com/en-us/library/jj573828(v=wps.630).aspx

Relevant snip:

-RemoteAddress<String[]>

Specifies that network packets with matching IP addresses match this rule.
This parameter value is the second end point of an IPsec rule and specifies the computers that are subject to the requirements of this rule.
This parameter value is an IPv4 or IPv6 address, hostname, subnet, range, or the following keyword: Any.



August 27th, 2015 9:08am

But if you inspect the  address filter object it is an enum for remote address type.  It can also take localsubnet and one other I believe.

August 27th, 2015 9:12am

Yep - going back and searching the page for 'Any' I see it now.  My eyes jumped to the block defining acceptable addresses.  My fault.

August 27th, 2015 9:25am

"But if you inspect the  address filter object it is an enum for remote address type."

Okay, this looks like something I need to learn.  How do I go about finding that something is an enum?  How do I enumerate it?

Thanks for teaching.

August 27th, 2015 9:28am


I follow the Scripting Guys blog, so I had just read the blogs on enum.  Those posts assume the reader understands what an enum is.  Reading through the series of blogs, I can follow what he is doing, but I don't understand what enums would be used for.

I guess my problem is that I have not coded since the early 80's - assembler language on TOPS-20.  So I have no idea what an enum is or how it's to be used - never knowingly ran into them.  I guess I need to start at the beginning and try to figure that out.

August 27th, 2015 9:57am

"enum" is short for "enumeration".

https://www.google.com/?gws_rd=ssl#newwindow=1&q=enumeration+definition

August 27th, 2015 11:50am
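
An added example, not part of the original thread, for the question of how to tell that a parameter is an enum and how to list its values. It uses only reflection on the cmdlet's own parameter metadata, so no type names are hard-coded.

```powershell
# Added example. Lists every Set-NetFirewallRule parameter whose declared
# type is an enum (or an array of an enum) together with its allowed names.
$cmd = Get-Command Set-NetFirewallRule

$enumParams = foreach ($p in $cmd.Parameters.Values) {
    $type = $p.ParameterType
    if ($type.IsArray) { $type = $type.GetElementType() }   # unwrap Foo[] to Foo
    if ($type.IsEnum) {
        [pscustomobject]@{
            Parameter = $p.Name
            EnumType  = $type.Name
            Values    = [Enum]::GetNames($type) -join ', '
        }
    }
}

# Common parameters such as -ErrorAction are enum-typed too and will be listed.
$enumParams | Sort-Object Parameter | Format-Table -AutoSize -Wrap

# Parameters declared as String[] (as the help excerpt in the thread shows for
# -RemoteAddress) do not appear above; their keywords come from the help text
# or from the error message returned for an invalid value.
$cmd.Parameters['RemoteAddress'].ParameterType.FullName

# The same check works on an object's property: Get-Member shows the declared
# type of RemoteAddress on the address filter object.
Get-NetFirewallRule -Name 'WINRM-HTTP-In-TCP-PUBLIC' |
    Get-NetFirewallAddressFilter |
    Get-Member -Name RemoteAddress
```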
