Why PowerShell remoting can’t be enabled on a Windows Server 2008

By | September 27, 2015

By default, PSRemoting is disabled in Windows Server 2008. Is there any reason why PowerShell remoting can’t be enabled on a Windows Server 2008 box? Of course we can enable it manually in multiple ways, but are there any security risks/issues on Windows Server?

As for the risks/issues of enabling it, there might actually be none. The question is why Microsoft had it disabled by default in Windows Server 2008 but enabled in 2012. Usually there are three reasons why the default behaviour of a service/feature/role changes between OS releases; surprisingly, I didn’t find any information on this in the public domain.

My understanding of why PowerShell remoting can’t be enabled on a Windows Server 2008:

The opposite of feature deprecation: Usually something the vendor wants to drop becomes disabled by default and is preserved for one more release. The opposite also happens: sometimes new features are added (but have to be switched on), and then the product group makes them enabled by default in the next release.

Change in security posture: The earlier default was to lock everything down, because it was all about reducing the attack surface area (so you live under a rock in a cave and can’t do anything). Then, because of improvements in securing the underlying OS or a better understanding that there was no real problem, things can become enabled by default.

Feature adoption: There was a big drive in Windows Server 2012 to make sure features were readily available/enabled and to decouple them from dependencies such as other OS interoperability or convoluted prerequisites, since those make customers less likely to adopt features and more likely to make mistakes in implementation.

Conclusion:

Indeed, if you’re opening up ports or enabling services, there could be a valid reason why that’s not acceptable in some environments: someone with administrative access can remotely own your box. I’d be much more concerned that someone already has administrative/privileged credentials in the first place; there are many more ways to hose up a box over the wire, so there is little point worrying about just one more way to connect.
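
To make that trade-off measurable on a given server, here is an added example (not part of the original post) that reports, read-only, what remoting actually exposes: the WinRM service state, its listeners, the session endpoints with their ACLs, and who sits in the local Administrators group. The function name `Get-RemotingExposure` is hypothetical; it assumes an elevated PowerShell 2.0 or later prompt.

```powershell
# Added example, not from the original post. Read-only: it changes no settings.
function Get-RemotingExposure {   # hypothetical helper name
    $svc       = Get-Service -Name WinRM
    # Get-Service has no StartType on PowerShell 2.0, so ask WMI for the start mode.
    $startMode = (Get-WmiObject Win32_Service -Filter "Name='WinRM'").StartMode
    $listeners = @()
    $endpoints = @()

    if ($svc.Status -eq 'Running') {
        # Each listener is a container under WSMan:\localhost\Listener; its
        # child items carry Transport, Port, Address and Enabled.
        $listeners = @(Get-ChildItem WSMan:\localhost\Listener | ForEach-Object {
            $p = @{}
            Get-ChildItem $_.PSPath | ForEach-Object { $p[$_.Name] = $_.Value }
            New-Object PSObject -Property @{
                Transport = $p['Transport']; Port    = $p['Port']
                Address   = $p['Address'];   Enabled = $p['Enabled']
            }
        })
        # Session configurations and the ACL that decides who may connect to each.
        $endpoints = @(Get-PSSessionConfiguration -ErrorAction SilentlyContinue |
            Select-Object Name, Permission)
    }

    # By default only local Administrators can open a remote session, so this
    # group is the real size of the exposure the conclusion talks about.
    $admins = @(([ADSI]'WinNT://./Administrators,group').Invoke('Members') |
        ForEach-Object { $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) })

    New-Object PSObject -Property @{
        WinRMStatus     = $svc.Status
        WinRMStartMode  = $startMode
        Listeners       = $listeners
        Endpoints       = $endpoints
        LocalAdmins     = $admins
        RemotingEnabled = ($listeners.Count -gt 0 -and $endpoints.Count -gt 0)
    }
}

$report = Get-RemotingExposure
$report | Format-List WinRMStatus, WinRMStartMode, RemotingEnabled, LocalAdmins
$report.Listeners | Format-Table Transport, Port, Address, Enabled -AutoSize
$report.Endpoints | Format-List Name, Permission
```

An HTTP listener bound to every address combined with a long `LocalAdmins` list is the case worth reviewing first.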
