# Windows Remote Management
> [!warning]
> By default, UAC restricts WinRM calls to domain admins and the default local "Administrator" account. *Local Windows admins cannot call this service without first disabling UAC!*

> [!tip]
> Admin-ish privileges (including privileges associated with the Backup Operators group) are stripped by default when using WinRM. To enable this access, we need to set the `LocalAccountTokenFilterPolicy` registry value to 1.
>
> ```powershell
> reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /t REG_DWORD /v LocalAccountTokenFilterPolicy /d 1
> ```

Windows Remote Management (WinRM) is basically PowerShell-over-[HTTP](HTTP.md). It requires access to [[TCP]] 5985 (HTTP, unencrypted) or [[TCP]] 5986 (HTTPS, encrypted).
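
A defender-side check of the two settings above, as an added example that is not part of the original notes: it reports whether the host is listening on the WinRM ports and whether `LocalAccountTokenFilterPolicy` has been set to 1. The function name `Get-WinRMExposure` is hypothetical; the sketch assumes it is run locally on a Windows host where `Get-NetTCPConnection` is available.

```powershell
function Get-WinRMExposure {
    [CmdletBinding()]
    param()

    $policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

    # A missing value behaves like 0: UAC still filters remote local-admin tokens.
    $item  = Get-ItemProperty -Path $policyPath -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
    $latfp = if ($null -ne $item) { $item.LocalAccountTokenFilterPolicy } else { 0 }

    $service = Get-Service -Name WinRM -ErrorAction SilentlyContinue
    $status  = if ($service) { [string]$service.Status } else { 'NotInstalled' }

    # Sockets actually listening on the two WinRM ports named above.
    $ports = @(Get-NetTCPConnection -State Listen -LocalPort 5985, 5986 -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique)

    $findings = @()
    if ($ports -contains 5985) {
        $findings += 'WinRM reachable over HTTP (TCP 5985); prefer the HTTPS listener on 5986.'
    }
    if ($latfp -eq 1) {
        $findings += 'LocalAccountTokenFilterPolicy = 1: remote UAC token filtering is off for local admins.'
    }
    if ($latfp -eq 1 -and $ports.Count -gt 0) {
        $findings += 'Both conditions hold: any local admin credential gets a full token over WinRM.'
    }

    [pscustomobject]@{
        ComputerName                  = $env:COMPUTERNAME
        WinRMService                  = $status
        ListeningPorts                = $ports
        LocalAccountTokenFilterPolicy = $latfp
        Findings                      = $findings
    }
}

# Run locally from an elevated prompt and review the Findings column.
Get-WinRMExposure | Format-List
```
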
## WinRS
![[winrs]]
## PowerShell
![[Use WinRM with PowerShell]]
## Evil-WinRM
![[Evil-WinRM]]