Hi Matt,

It's pretty secure (haven't encountered a security breach due to that), though I find that the documentation about this is a bit lacking in my opinion...

A few tips though:

1) Enable script execution for signed scripts and please don't set it to "Unrestricted" ;-)
2) By using "set-item wsman:localhost\client\trustedhosts -value mgmtserver01" you can set up that only mgmtserver01 is allowed to remote to this machine.
3) On older (XP) systems, set the following local policy to "Classic": Security Settings > Local Policies > Security Options > Network Access: Sharing and Security Model for local accounts
In my opinion the benefits for an admin/consultant of PowerShell Remoting are just plain amazing :-D
I think in an enterprise environment PowerShell remoting is almost required. It is much more secure and network friendly. I think many network admins fear it because they don't fully understand it. The best approach is to use Group Policy to configure remoting, the listener and the necessary firewall ports. If you are never going to run a script in a remote session, you can leave the execution policy for remote machines as Restricted. You can run all the scripts you want from your desktop and securely manage remote machines.
I'm going to request that we enable it, but I want to be prepared to stand my ground. I couldn't really find any good reasons not to. JHicks nailed it, in that what isn't understood is feared. Around here they'd take away our toilet paper if they knew we were using it.
I am guilty of setting execution policy to unrestricted on my workstation, but I haven't had a need to change it on remote machines. I know this is an area I need to work on. Learning about_signing is right at the top of my PowerShell list.
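
A read-only audit of the settings raised in this thread (execution policy, the WSMan client TrustedHosts value, and the WinRM listeners), as an added example that is not from any poster. The function names Test-PolicyRisk and Get-RemotingAudit are hypothetical, and the script assumes PowerShell 3.0 or later in an elevated session with the WinRM service running.

```powershell
# Added example: reports remoting-related settings, changes nothing.
# Test-PolicyRisk and Get-RemotingAudit are hypothetical names.

function Test-PolicyRisk {
    param([string]$Policy)
    # These two policies run any script without a signature check.
    return @('Unrestricted', 'Bypass') -contains $Policy
}

function Get-RemotingAudit {
    $findings = @()

    # 1) Execution policy at every scope (Group Policy scopes are listed first).
    foreach ($entry in Get-ExecutionPolicy -List) {
        $policy = [string]$entry.ExecutionPolicy
        $findings += [pscustomobject]@{
            Check = "ExecutionPolicy/$($entry.Scope)"
            Value = $policy
            Flag  = Test-PolicyRisk $policy
        }
    }

    # 2) Client-side TrustedHosts: remote hosts this machine may connect to
    #    when mutual authentication is unavailable. A '*' entry trusts any host.
    $item    = Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction SilentlyContinue
    $trusted = "$($item.Value)"
    $display = if ($trusted) { $trusted } else { '(empty)' }
    $entries = $trusted -split ',' | ForEach-Object { $_.Trim() }
    $findings += [pscustomobject]@{
        Check = 'Client/TrustedHosts'
        Value = $display
        Flag  = $entries -contains '*'
    }

    # 3) Listeners present on this machine (transport and address), reported as-is.
    foreach ($l in Get-ChildItem WSMan:\localhost\Listener -ErrorAction SilentlyContinue) {
        $findings += [pscustomobject]@{
            Check = 'Listener'
            Value = ($l.Keys -join '; ')
            Flag  = $false
        }
    }
    $findings
}

Get-RemotingAudit | Format-Table -AutoSize
```

Rows with Flag set to True are the ones to review: an execution policy that skips signature checks, or a TrustedHosts wildcard.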