How do I run WinRM or PsExec in all domains and not only in the same subnet?

Question

I tested in my domain and I have this scenario:

In a computer with IP 10.100.40.10:
- I can run the WinRM and PsExec on all computers with the same subnet: 10.100.40.*
In a computer with ip 10.200.30.50:
- I can also run the same in all subnets: 10.200.30.*

But if I want to "cross" this subnet, it will fail even if I can see and check that the ports are OPEN for me. This mean:

In ip 10.100.40.10:
- If I do nmap -p 135,445,3389,5985,5986 10.200.30.- the ports will show open!
The same in 10.200.30.50 for the subnet 10.100.40.10

So, how can I admin the computer on the same domain but on different subnet? What do I need to configure to make it work? What is blocking me?

score 0 · Answer 1 · answered Jan 11 '24 at 13:59

0

Winrm uses TCP/5985, or TCP/5986 for TLS connections need to be enabled at the firewall.

For psexec, TCP/135, and 49152-65536 need to be enabled at the firewall.

answered Jan 11 '24 at 13:59

Greg Askew

1 Answers1