The Windows Remote Management (WinRM) service is the Microsoft implementation of WS-Management, WinRM is at the heart of Windows PowerShell remoting but this service can also be used by other non-PowerShell applications, it basically uses WMI over HTTP/HTTPS. By default, WS-Man and PowerShell remoting use port 5985 and 5986 for connections over HTTP and HTTPS, respectively.

• Enabled by default on Server 2012 onwards.
• You may need to enable remoting (Enable-PSRemoting) on a Desktop Windows machine, Admin privileges are required to do that.

You get elevated shell on remote system if admin creds are used to authenticate (which is the default setting).

PSRemoting works in 2 possible ways:

• One-to-One
• One-to-Many

One-to-One aka PSSession

Also called PSSession, is interactive, runs in a new process called wsmprovhost and is stateful.

When we enter in a new PSSession with command:

Enter-PSSession -ComputerName <computer-name>

A new wsmprovhost process is created as shown in the figure below:

in this case there are 2 currently logged users with PSSession

If we type this command:

$adminsrv = New-PSSession -Computer <computer-name>
Get-PSSession

It tells us that I have an open session (that's why it's stateful):