By default PSRemoting is disabled in Windows server 2008, is there any reason why PowerShell remoting can’t be enabled on the Windows server 2008 box? And of course we can enable manually through multiple ways, any security risks/issues on Windows server
To address about risks/issues of enabling it, there might actually be none. The question is why did Microsoft have it disabled as default in Windows Server 2008 but enabled in 2012? Usually there are three reasons why the default behaviour of a service/feature/role changes between OS releases, surprisingly didn’t find any info on public domain
Also Read: Enable Powershell Remoting on Windows server 2008 R2 and 2012
Some of my understanding why PowerShell remoting can’t be enabled on a Windows server 2008
The opposite of feature deprecation: Usually something they want to drop becomes disabled by default to preserve for next release, so the opposite is; sometimes new features are added (but have to be switched on by default) and then the product group make it default enabled in next release
Change in security posture: So the default was to lock everything down as before it was all about reducing the attack surface area (so you live under a rock in a cave and can’t do anything) but then because of improvements in securing the underlying OS / better understanding that there was no real problem, then things can become enabled by default
Feature Adoption: There was a big drive in Windows Server 2012 to make sure features were readily available/enabled and decouple them from any dependencies, like other OS interoperability/convoluted pre-requested, as customers would then be less likely to adopt features and mistakes in implementation
Also Read: Windows 10 compatibility with Windows Server 2003
Conclusion:
Indeed if you’re opening up ports or enabling services then there could be a valid reason for why that’s not acceptable in some environments, someone with administrative access can remotely own your box, I’d be much more concerned that in the first place someone already has administrative/privileged credentials and there are many more ways to hose up a box over the wire than worry about just one more way to connect.
Also Read: Active Directory on Cloud
