Determining WinRM connections to a Machine

PSRemoting is an awesome feature in Microsoft Windows that provides SSH-like functionality. In Server 2012 and newer, it is enabled by default. You will, however, need to enable the feature on any client system you'd want to use it on. Some organizations feel that having the service enabled throughout their environment is more of a burden than something that will increase productivity. Most of those thoughts stem from not knowing who is connecting or connected to systems. Luckily, there is a built-in cmdlet that should ease the worrying.

With suitable rights on a system, we can use the command below to see who is connected to our system.

Get-WSManInstance -ConnectionURI ('') -ResourceURI shell -enumerate

Below are the results.

To clean this up a little, we can do the following:

Get-WSManInstance -ConnectionURI ('') -ResourceURI shell -enumerate | select ClientIP, ProcessID, ShellRunTime, ShellInactivity | Format-Table

Our results are shown below and are a little easier to understand.

You could easily set this up on a recurring schedule and output the results to a file for further analysis.
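
One way to do that logging, as an added example that is not part of the original post: the script below takes a snapshot of the open WinRM shells, converts the ISO 8601 duration fields to seconds, and appends the rows to a CSV. The connection URI (the default HTTP listener on port 5985), the log path and the function names are assumptions made for the example.

```powershell
# Added example: snapshot inbound WinRM shells and append them to a CSV log.
# Assumptions: the listener URI and the log path below are placeholders to adjust.
$ConnectionUri = 'http://localhost:5985/wsman'   # assumed default HTTP listener
$LogPath       = 'C:\Logs\winrm-sessions.csv'    # hypothetical output path

function ConvertTo-Seconds {
    # ShellRunTime and ShellInactivity arrive as ISO 8601 durations, e.g. P0DT0H5M12S.
    param([string]$Duration)
    if ([string]::IsNullOrWhiteSpace($Duration)) { return $null }
    try   { [int][System.Xml.XmlConvert]::ToTimeSpan($Duration).TotalSeconds }
    catch { $null }   # leave the field empty if the value is not a valid duration
}

function Get-WinRMSessionSnapshot {
    param([string]$Uri)
    $now = (Get-Date).ToUniversalTime().ToString('o')
    # The enumeration returns nothing when no remote shells are open.
    $shells = @(Get-WSManInstance -ConnectionURI $Uri -ResourceURI shell -Enumerate -ErrorAction Stop)
    foreach ($s in $shells) {
        [pscustomobject]@{
            CollectedUtc      = $now
            Computer          = $env:COMPUTERNAME
            Owner             = $s.Owner
            ClientIP          = $s.ClientIP
            ProcessId         = $s.ProcessId
            State             = $s.State
            RunTimeSeconds    = ConvertTo-Seconds $s.ShellRunTime
            InactivitySeconds = ConvertTo-Seconds $s.ShellInactivity
            ShellId           = $s.ShellId
        }
    }
}

try {
    $rows = @(Get-WinRMSessionSnapshot -Uri $ConnectionUri)
    if ($rows.Count -gt 0) {
        $dir = Split-Path -Parent $LogPath
        if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
        # One row per open shell per run; -Append keeps the history in a single file.
        $rows | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }
}
catch {
    Write-Warning "WinRM session enumeration failed: $($_.Exception.Message)"
}
```

Saved as a script and run from a Task Scheduler job at a fixed interval, this builds a history in which each ShellId shows when a session was first and last seen, from which client IP, and under which account.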