1 files changed, 14 insertions, 3 deletions

diff --git a/examples/scripts/ConfigureRemotingForAnsible.ps1 b/examples/scripts/ConfigureRemotingForAnsible.ps1
index a70dc0354d..e7c71352f5 100644
--- a/examples/scripts/ConfigureRemotingForAnsible.ps1
+++ b/examples/scripts/ConfigureRemotingForAnsible.ps1
@@ -4,9 +4,13 @@
 # This script checks the current WinRM/PSRemoting configuration and makes the
 # necessary changes to allow Ansible to connect, authenticate and execute
 # PowerShell commands.
-# 
+#
 # Set $VerbosePreference = "Continue" before running the script in order to
 # see the output messages.
+# Set $SkipNetworkProfileCheck to skip the network profile check.  Without
+# specifying this the script will only run if the device's interfaces are in
+# DOMAIN or PRIVATE zones.  Provide this switch if you want to enable winrm on
+# a device with an interface in PUBLIC zone.
 #
 # Written by Trond Hindenes <trond@hindenes.com>
 # Updated by Chris Church <cchurch@ansible.com>
@@ -19,6 +23,7 @@
 Param (
     [string]$SubjectName = $env:COMPUTERNAME,
     [int]$CertValidityDays = 365,
+    [switch]$SkipNetworkProfileCheck,
     $CreateSelfSignedCert = $true
 )
 
@@ -28,7 +33,7 @@ Function New-LegacySelfSignedCert
         [string]$SubjectName,
         [int]$ValidDays = 365
     )
-    
+
     $name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1"
     $name.Encode("CN=$SubjectName", 0)
 
@@ -96,8 +101,14 @@ ElseIf ((Get-Service "WinRM").Status -ne "Running")
 # WinRM should be running; check that we have a PS session config.
 If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener)))
 {
-    Write-Verbose "Enabling PS Remoting."
+  if ($SkipNetworkProfileCheck) {
+    Write-Verbose "Enabling PS Remoting without checking Network profile."
+    Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop
+  }
+  else {
+    Write-Verbose "Enabling PS Remoting"
     Enable-PSRemoting -Force -ErrorAction Stop
+  }
 }
 Else
 {