Allowing Domain Users to run winrm commands


Currently i have a AD/Kerberos Configured on one EC2 instance(Windows 2008 R2) and created couple of users. Each of the users has administrator privileges. When We login as a non-domain Administrator, i can successfully execute the winrm commands. But when i login as the domain User (who has administrator privileges), i cannot run the winrm commands:

C:\Users\domain-username>winrm get winrm/config/service/auth
    Message = Access is denied.

Error number:  -2147024891 0x80070005
Access is denied.

I check the Group Policy Editor for WinRM did not find anything relevant. I am not sure what i am missing.

asked on Server Fault Jul 9, 2012 by Cheezo

2 Answers


First thing that pops in my head: is cmd elevated? It would be by default on local Administrator account, not so with domain accounts that belong to local Administrators group. Your current prompt (c:\users...) kind of suggests this might be the reason for access rights issues (elevated cmd starts in c:\windows\system32 by default).

I've tested both elevated and non-elevated and get same results as you do with "normal" and expected results with "elevated" one.

answered on Server Fault Jul 11, 2012 by BartekB

You have to add the user to the group "Remote Management Users" on the WinRM server.

answered on Server Fault Nov 20, 2014 by Alex • edited Nov 20, 2014 by Dave M

User contributions licensed under CC BY-SA 3.0