How To Use WSMan Proxy Support

The end user can operate a WSMan client from behind a web proxy for remote management, that is, the client machine connects to the internet through a web proxy server. All HTTP traffic between the client machine and the internet must pass through the proxy server.


Communication between WSMan client and server must remain secure to avoid eavesdropping by proxy, so WSMan proxy support is only over HTTPS, setting proxy information is not valid when the HTTP transport is specified. WSMan implements its own failover mechanism, WSMan client stack caches the result of the Winhttp auto-detection process per session for performance reasons.


In this blog, we illustrate the scenario of using WSMan client via web proxy for remote management.


1) On server machine

In the following example, we use either “quickconfig” to create a HTTPS listener and explicitly open port 5986, or set EnableCompatibilityHttpsListener to True to create a HTTPS listener and explicitly open port 443, We also make sure the server side allows Basic authentication

PS D:\Windows\system32> Set-WSManQuickConfig -UseSSL

WinRM Quick Configuration

Running the Set-WSManQuickConfig command has significant security implications, as it enables remote ……………………………….

PS D:\Windows\system32> netsh advfirewall firewall add rule name=”Port 5986″ dir=in action=allow protocol=TCP localport=5986


PS D:\Windows\system32> Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpsListener $true

PS D:\Windows\system32> netsh advfirewall firewall add rule name=”Port 443″ dir=in action=allow protocol=TCP localport=443


PS D:\Windows\system32> Set-Item WSMan:\localhost\Service\Auth\Basic $true

PS D:\Windows\system32>



2) On client machine

After setting up the server side, end user can operate a WSMan client from behind a web proxy for remote management, please note most winrm-related PS cmdlets contain a SessionOption parameter which allows the proxy info to be specified

PS D:\Windows\system32> $remoteCred = Get-Credential Administrator

PS D:\Windows\system32> $proxyCred = Get-Credential domain\user

PS D:\Windows\system32> $SessionOption=New-WSManSessionOption -ProxyAuthentication Negotiate -ProxyAccessType ProxyIEConfig -ProxyCredential $proxyCred

PS D:\Windows\system32> Get-WSManInstance -ConnectionURI https://machineFQDN:443/wsman -ResourceURI winrm/config -SessionOption $SessionOption -Authentication Basic -Credential $remoteCred

cfg                 :

lang                : en-US

MaxEnvelopeSizekb   : 150

MaxTimeoutms        : 60000

MaxBatchItems       : 32000



In the above example we create a WSMan Session option hashtable which can be passed into WSMan cmdlets such as Get-WSManInstance. That session option takes the following parameters and values related to proxy info:


ProxyAuthentication: This parameter takes a set of authentication methods the user can select from, Specifying the authentication method to use at the proxy. The available options should be as follows:

                Negotiate           Use Negotiate authentication (Either Kerberos or NTLM) for establishing a remote connection.

                Basic                      Use basic authentication for establishing a remote connection

                Digest                   Use Digest authentication for establishing a remote connection


      required if ProxyAuthentication is Basic or Digest, opional if ProxyAuthentication is Negotiate as it can use the implicit logon credential

                cannot be specified if ProxyAuthentication is not specfied





                ProxyNoProxyServer: Do not use a proxy server. All host names will be resolved locally

Comments (1)

  1. Hi, Does WMI .NET API support web proxy?   There is a case as following.

    1. I have some servers on public network which is outside of our internal network.

    2. I can access these servers by a web proxy.

    3. I have a tool which developed with WMI .NET API. This tool setup WMI connection to servers, it copy a program to the servers and lunch the program in these servers. (Means that deploy some softwares to servers remotely)

    The issue is that the web proxy is there, so I can not connect to the servers with WMI API. So my question is that,  does WMI API support web proxy? And which class or method I should to call….