Windows Servers rely on the WINRM protocol to be managed remotely. The following procedure helps to enable the protocol in home labs. A Windows 2025 server has WINRM enabled by default as long as it is joined to a domain that applied the following settings in GPO.
- Go to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Remote Management -> WinRM Service
1.1 Enable everything except “Specify channel binding token hardening level” and “Specify channel binding token hardening level“.
2. Go to Computer Configuration -> Preferences -> Windows Settings -> Registry -> Create a new Registry Item with the following settings.
Action: Create
Hive: HKEY_LOCAL_MACHINE
Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client
Value name: maxEnvelopeSize
Value type: REG_DWORD
Value data: 1048576
Run the command winrm get winrm/config in a terminal. The value of the second line in the output should be the same one that is configured in the GPO.
Config
MaxEnvelopeSizekb = 1048576
MaxTimeoutms = 60000Credit to the answer in powershell – Can you get the MaxEnvelopeSizeKb without needing to be an admin? – Stack Overflow
Please refer details to [MS-WSMAN]: wsman:MaxEnvelopeSize | Microsoft Learn
Some posts say that the key name is MaxEnvelopeSizekb. I think this is incorrect.