Wahmans Powershell Blog

Set-WSManInstance

PowerShell Cmdlet Deep Dive: Set-WSManInstance

Welcome back to Wahmans PowerShell Blog! Today we’re diving into a powerful yet sometimes overlooked cmdlet: Set-WSManInstance.

According to Microsoft, Set-WSManInstance “modifies the management information that is related to a resource.” This cmdlet is part of the WS-Management framework, which is central to how machines (especially ones running Windows Remote Management, or WinRM) expose systems and configuration data over remote management protocols.

This cmdlet allows us to change settings on the WSMan provider. You might use this to configure options like session timeouts, security settings, and remoting parameters — extremely handy for automated infrastructure setups or ongoing system maintenance.

Prerequisites

  • Ensure WinRM is enabled (Enable-PSRemoting can help)
  • You must be running PowerShell with elevated privileges

Example 1: Set the MaxConcurrentUsers Value

Let’s start simple. Suppose you want to limit the number of concurrent remote users on your system. You can use Set-WSManInstance to achieve this.

Set-WSManInstance -ResourceURI winrm/config/service -Value @{MaxConcurrentUsers="5"}

This sets the maximum number of concurrent remote users to 5 under the WinRM configuration.

Example 2: Enable Basic Authentication (with caution!)

In some test environments, you might want to enable Basic authentication. It’s generally not recommended for production unless secured with HTTPS.

Set-WSManInstance -ResourceURI winrm/config/service/auth -Value @{Basic="true"}

Warning: Basic authentication sends credentials in plain text. Use over HTTPS only.

Example 3: Configure Session Timeout for Idle Sessions

You can set a shorter timeout to reduce resource usage when sessions are idle.

Set-WSManInstance -ResourceURI winrm/config -Value @{MaxTimeoutms="30000"}

The value is in milliseconds — this sets the timeout to 30 seconds for demonstration purposes.

Example 4: Modify Listener Configuration (Advanced)

This is a more advanced example where you retrieve a specific listener and modify its settings. For example, changing the listening IP address binding to a specific address.

# Get the Resource URI for the listener to modify
$listener = Get-WSManInstance -ResourceURI winrm/config/Listener -SelectorSet @{Address="*"; Transport="HTTP"}

# Modify the listening address (example: binding to only localhost)
Set-WSManInstance -ResourceURI winrm/config/Listener -SelectorSet @{Address=$listener.Address; Transport=$listener.Transport} -Value @{Address="127.0.0.1"}

This can be used to restrict WinRM access to local processes only, a useful lockdown mechanism for securing endpoints.

Wrap-Up

Set-WSManInstance is a versatile cmdlet for managing your WS-Management configurations. Whether you’re tuning for security, performance, or even access controls, it’s a powerful addition to your PowerShell toolkit.

Happy scripting, and I will see you in the next post!

Leave a Reply

Your email address will not be published. Required fields are marked *