How to configure PSRemoting without domain

Hey guys,

I’m really stuck on this. Could anyone explain to me as simple as possible how to setup and connect with PSR without a domain environment?


The main limitation is that without a domain, you can’t use Kerberos authentication. This means that you need to either set up an HTTPS listener on all machines, or use the TrustedHosts list on the client computers (with HTTPS being the more secure option, as it authenticates both client and server.) There’s more information bout how to configure both of these options in the “Secrets of PowerShell Remoting” free ebook, which you can download from this site: click on Resources -> Free Ebooks along the top of the page.

In the environment I work in we use this pretty frequently by creating HTTPS listeners and self signed certs…if you go the self signed route you need to specify some extra options to ignore the cert problems. Here is basic code you can use to establish the https connection.

$Computer = ‘’ #you can use ip as long as you ignore the cert
$Username = ‘’
$Password = ‘’
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$pass
$PSSO = New-PSSessionOption -SkipCACheck -SkipCNCheck

Enter-PSSession -ComputerName $Computer -UseSSL -SessionOption $PSSO -Credential $Cred

Creating the listener unfortunately is not very straight forward either compared to the normal Enable-PSRemoting which just configures things for HTTPS…if you’re going to be using this frequently though it is easy enough to write a script to set up listeners which is what I did. There are probably good details in the book Dave mentioned.

One caveat I have found is that on servers older than 2008 R2 the certificate skip checks don’t seem to work and a valid certificate matching the hostname is required.