How to Add Computers to TrustedHosts List Using PowerShell

Introduction

In PowerShell, the TrustedHosts list is used to specify remote computers that are trusted by the local computer. When you try to establish a remote PowerShell session to a computer that is not in the TrustedHosts list, you will get an error message stating that the remote computer is not recognized as a trusted host.

Enter-PSSession : Connecting to remote server vm2 failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.


To avoid this error, you can add the remote computer to the TrustedHosts list using PowerShell. This is typically required when you are trying to establish a remote PowerShell session to a computer that is not in the same domain or workgroup as the local computer.

In this blog post, we will walk you through how to get the list of TrustedHosts and how to add computers to the TrustedHosts list using PowerShell.

Get list of TrustedHosts

To get the TrustedHosts list, use the Get-Item cmdlet and specify the WSMan provider path. The default value is empty.


Get-Item WSMan:\localhost\Client\TrustedHosts


Add all computers to the TrustedHosts list

To add all computers to the TrustedHosts list, use the Set-Item cmdlet with an asterisk (*) as a wildcard.


Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value *


Add specific computer to TrustedHosts list

To add a specific computer to the TrustedHosts list, use the Set-Item cmdlet and specify the computer name as the value.


Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value 'vm2'


Add all computers in a domain to TrustedHosts list

As with adding all computers, use an asterisk as a wildcard, this time followed by the domain name, for example *.byteinthesky.com.


Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value '*.byteinthesky.com'


Add computer to existing TrustedHosts list

When you add a new computer to an existing TrustedHosts list, the new value overwrites the existing one. To keep the existing entries, concatenate the new value as follows:


Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value 'vm3' -Concatenate


Add IP Address to TrustedHosts list

You can also add an IP address to the TrustedHosts list.


Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value 20.205.152.188


Conclusion

To add a computer to the TrustedHosts list, we can use the Set-Item cmdlet and either specify the computer name to be added or use a wildcard to add all computers. We can also get the list of TrustedHosts using Get-Item with the WSMan provider path.

However, it’s important to note that adding a computer to the TrustedHosts list can introduce a security risk, as it allows remote computers to connect to the local computer without any authentication. It’s recommended to use more secure methods of authentication and authorization, such as using certificates or domain-based authentication, whenever possible.
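
As the WinRM error message quoted above says, computers in the TrustedHosts list might not be authenticated, so it is worth reviewing how broad each entry is. The following is an added example, not part of the original post, that splits the TrustedHosts value into entries and classifies each one. The function name Get-TrustedHostsAudit and the High/Medium/Low labels are assumptions of this example, and the sample string is constructed from the values used in this post.

```powershell
# Added example: classify each TrustedHosts entry by how much it widens trust.
function Get-TrustedHostsAudit {
    [CmdletBinding()]
    param(
        # Raw comma-separated value; defaults to this machine's WinRM client setting.
        # The default is only evaluated when -Value is not supplied.
        [string]$Value = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
    )

    if ([string]::IsNullOrWhiteSpace($Value)) {
        Write-Verbose 'TrustedHosts is empty (the default).'
        return
    }

    # Split on commas, trim whitespace and drop empty fragments.
    $entries = $Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }

    foreach ($entry in $entries) {
        $ip = $null
        if ($entry -eq '*') {
            # Every remote computer is accepted.
            $kind = 'AllHosts'; $risk = 'High'
        }
        elseif ($entry.Contains('*')) {
            # Pattern such as *.byteinthesky.com matches many names.
            $kind = 'WildcardPattern'; $risk = 'Medium'
        }
        elseif ([System.Net.IPAddress]::TryParse($entry, [ref]$ip)) {
            $kind = 'IPAddress'; $risk = 'Low'
        }
        else {
            $kind = 'HostName'; $risk = 'Low'
        }
        [pscustomobject]@{ Entry = $entry; Kind = $kind; Risk = $risk }
    }
}

# Constructed sample built from the values used in this post.
$sample = 'vm2,vm3,*.byteinthesky.com,20.205.152.188,*'
$audit  = Get-TrustedHostsAudit -Value $sample
$audit | Format-Table -AutoSize

# Rebuild the list from the explicit entries only (wildcards dropped).
$keep = ($audit | Where-Object { $_.Risk -eq 'Low' }).Entry -join ','
"Tightened value: $keep"

# Apply it to the live setting (run elevated; -Force skips the prompt):
# Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value $keep -Force
```

Calling Get-TrustedHostsAudit with no arguments audits the live setting on the local computer instead of the sample string.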