[Solved] The ws-management service cannot process the request. the service is configured to not accept any remote shell requests.

[Solved] The ws-management service cannot process the request. the service is configured to not accept any remote shell requests.

Infrastructure and system hardening a complex process which can take longer than expected time. Microsoft Windows provide a Microsoft security compliance kit to secure your infrastructure up to the minimal security marks which can be enhanced by adding more security using Active Directory Group Policy objects. Microsoft security compliance kid provide a predefined set of Active Directory Group Policy objects to save time for the hardening team.

CIS Bench marks are more advanced and secure set of instructions to tighten the security of Microsoft Windows Infrastructure. These Bench marks provide instructions to secure every aspect of operating systems (Windows Linux) as well as leading web servers. If you follow these CIS bench marks particularly for Windows Server 2016 or 2019 you might be blocking many items required for the administrator to perform routine jobs. Admins might be getting many issues like “The ws-management service cannot process the request. the service is configured to not accept any remote shell requests.” while installing any Microsoft Windows Server role e.g. IIS10.

The ws-management service cannot process the request
The ws-management service cannot process the request

There is a group policy object which needs to be amended to resolve this issue. The setting can be located in the following group policy path to resolve the issue of “The ws-management service cannot process the request”:
Computer Configuration > Administrative Templates > Windows Components > Windows Remote Shell > Allow Remote Shell Access

Note: Once you are done with the disabling of this Group Policy Object, don’t forget to run the command gpupdate /force

As you see that this policy was recommended by CIS bench mark for extended security but some people might confused that its suggested by Microsoft which isn’t the case. This completely depend upon the security requirement from the penetration testing team that how much security settings needs to be implemented on the infrastructure to feel its secure.

However the CIS recommendation is to just disable the setting, which people mostly disagree with given the modern nature of PowerShell remoting capabilities and ease of use. Administrator must have this enabled as the primary management method but correctly configure the firewall.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.