WinRM HTTPS

High Risk

TCP — Remote Access

Port Overview

Port Number 5986

Service Name WinRM HTTPS

Transport Protocol TCP

Category Remote Access

Security Risk High

Port Range Registered (1024-49151)

What is Port 5986?

Port 5986 is used by Windows Remote Management (WinRM) for HTTPS-encrypted remote PowerShell and management connections. This is the secure alternative to port 5985, using SSL/TLS to encrypt remote management traffic. Both Ansible and PowerShell remoting can be configured to use HTTPS for secure Windows administration.

TCP Remote Access Commonly Used

Security Considerations

Port 5986 (WinRM HTTPS) is classified as high risk. This port is a common target for automated scanning and brute-force attacks. If you must expose it, restrict access to known IP addresses.

Recommendation: Use firewall rules to whitelist trusted IPs. Enable rate limiting and intrusion detection.

Related Ports — Remote Access

22 SSH 23 Telnet 89 SU/MIT Telnet Gateway 95 SUPDUP 107 Remote Telnet 177 XDMCP 259 ESRO 311 macOS Server Admin