NOTICE: Remember that WinRM traffic is encrypted even without the use of HTTPS.
To configure HTTPS for WinRM on a target machine you need to perform two things:
Make sure the machine has a valid certificate for HTTPS
Run
winrm quickconfig -transport:https
on the machine
Step 1
Before you can activate HTTPS for WinRM on a target machine it needs to have a valid certificate. Here’s a guide on how to distribute certificates through a GPO:
https://www.darkoperator.com/blog/2015/3/24/bdvjiiw1ybzfdjulc5pprgpkm8os0b
Step 2
To configure HTTPS for WinRM:
https://support.microsoft.com/sv-se/kb/2019527
There is no way to activate the WinRM HTTPS listener on a target machine using a GPO. One possibility is to use a start up script and place the following command there:
winrm quickconfig -transport:https