Appendix A: Prerequisites for Enabling the Integrated Windows Gateway Mode

Use case: Device and CA communications

Required: User account type
Level: User
Type: User account added to group
Details and purpose:
  1. Domain Admin: To ensure seamless WinRM communication from a remote Java process, adding the user to the Domain Admin group is necessary. This grants the required permissions for enabling communication and remote execution, preventing operational failures and maintaining functionality.
  2. Remote Management Users: Adding the user to the Remote Management Users group is essential for enabling WinRM communication, as it grants the necessary permissions for remote execution and management tasks, ensuring secure and efficient operation.

Required: User permission
Level: System
Type: WinRM permissions
Purpose: Steps, with commands, to enable WinRM communication on a Windows machine
Details (permissions):
  1. Enable PSRemoting:

    Enable-PSRemoting -Force

  2. Configure the WinRM service:

    Set-Service -Name WinRM -StartupType Automatic

    Start-Service -Name WinRM

  3. Allow WinRM through the firewall (if any):

    Enable-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC"

    Enable-NetFirewallRule -Name "WINRM-HTTP-In-TCP-DOMAIN"

  4. Permissions for WSMAN:

    winrm set winrm/config/service '@{AllowUnencrypted="true"}'

    winrm set winrm/config/service/auth '@{Basic="true"}'

Required: Ports
Level: System
Details:
  5985: HTTP
  5986: HTTPS communication (Not Certified Yet)

Use case: Fetch CA - Domain execution host
Details: Devices that are part of Domain controllers get all CAs available in that domain.
Command to check:

    systeminfo | findstr /C:"OS Configuration"
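
A read-only check of the WinRM steps above, given as an added example that is not part of the vendor's documentation; it reports each setting beside the value this appendix expects. The function names New-Check and Get-WinRMPrereqState are hypothetical, and the script assumes an elevated PowerShell session on the Windows host.

```powershell
# Added example: read-only audit of the WinRM prerequisites from this appendix.
# Run in an elevated PowerShell session on the Windows host being prepared.
function New-Check($Check, $Expected, $Actual) {
    # -eq on strings is case-insensitive, so "True" matches "true"
    [pscustomobject]@{
        Check    = $Check
        Expected = $Expected
        Actual   = "$Actual"
        Match    = ("$Actual" -eq $Expected)
    }
}

function Get-WinRMPrereqState {   # hypothetical name, not a vendor cmdlet
    # Step 2: the service must start automatically and be running
    $svc = Get-Service -Name WinRM
    New-Check 'WinRM startup type' 'Automatic' $svc.StartType
    New-Check 'WinRM service status' 'Running' $svc.Status

    # Step 3: firewall rules named in the appendix; report a rule that is
    # not present instead of failing
    foreach ($name in 'WINRM-HTTP-In-TCP-PUBLIC', 'WINRM-HTTP-In-TCP-DOMAIN') {
        $rule  = Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue
        $state = if ($rule) { $rule.Enabled } else { 'rule not found' }
        New-Check "Firewall rule $name" 'True' $state
    }

    # Step 4: WSMan service settings. With both set to true, Basic credentials
    # cross HTTP 5985 base64-encoded rather than encrypted.
    $unenc = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value
    $basic = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value
    New-Check 'Service AllowUnencrypted' 'true' $unenc
    New-Check 'Service Auth Basic' 'true' $basic

    # Ports row: something must be listening on TCP 5985
    $listener = Get-NetTCPConnection -LocalPort 5985 -State Listen -ErrorAction SilentlyContinue
    New-Check 'TCP 5985 listening' 'True' ([bool]$listener)
}

Get-WinRMPrereqState | Format-Table -AutoSize
```

Any row with Match set to False identifies the step that still needs to be applied on that host.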