WinRM


TCP Port 5986

HTTPS (SSL/TLS) on TCP port 5986

Test WinRM

This is not a valid API call, but it verifies that the WinRM service is listening (-k makes curl skip certificate verification):

# curl -i -k https://moonshadow.home.lab:5986
HTTP/2 404
content-type: text/html; charset=us-ascii
server: Microsoft-HTTPAPI/2.0
date: Thu, 28 Mar 2024 18:24:22 GMT
content-length: 315

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Not Found</h2>
<hr><p>HTTP Error 404. The requested resource is not found.</p>
</BODY></HTML>

WinRM Service

Enable with the ConfigureRemotingForAnsible.ps1 script from:

https://raw.githubusercontent.com/ansible/ansible-documentation/ae8772176a5c645655c91328e93196bcf741732d/examples/scripts/ConfigureRemotingForAnsible.ps1

Example:

mkdir c:\ci

$url = "https://raw.githubusercontent.com/ansible/ansible-documentation/ae8772176a5c645655c91328e93196bcf741732d/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "c:\ci\ConfigureRemotingForAnsible.ps1"
(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file
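
A variant of the download step that checks the file's SHA-256 before running it. This is an added example, not part of the original page or the Ansible project; `$expectedSha256` is a placeholder to be filled with the hash recorded after reviewing the script.

```powershell
# Added example: verify the downloaded script before executing it.
$url  = "https://raw.githubusercontent.com/ansible/ansible-documentation/ae8772176a5c645655c91328e93196bcf741732d/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "c:\ci\ConfigureRemotingForAnsible.ps1"

# Placeholder (assumption): SHA-256 recorded after reviewing a known-good copy.
$expectedSha256 = "<SHA256-OF-REVIEWED-SCRIPT>"

# Create c:\ci if it does not exist yet.
New-Item -ItemType Directory -Path (Split-Path $file) -Force | Out-Null

# Windows PowerShell 5.1 on older builds may not offer TLS 1.2 by default.
[Net.ServicePointManager]::SecurityProtocol =
    [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)

# Get-FileHash returns upper-case hex; -ne compares strings case-insensitively.
$actualSha256 = (Get-FileHash -Path $file -Algorithm SHA256).Hash
if ($actualSha256 -ne $expectedSha256) {
    Remove-Item -Path $file -Force
    throw "Hash mismatch for $file (got $actualSha256); not executing."
}

powershell.exe -ExecutionPolicy ByPass -File $file
```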

winrm id

Service:  "WinRM" - "Windows Remote Management (WS-Management)"
C:\Windows\System32\svchost.exe -k NetworkService -p

Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.

Restart service:

net stop WinRM
net start WinRM

Firewall

netsh advfirewall firewall add rule name="WinRM" dir=in action=allow protocol=TCP localport=5986
netsh advfirewall firewall show rule name="WinRM"

Windows Remote Management Command Line Tool

Remote Query

NOTE: Only useful if you have set up actual certificates. Have yet to figure out how to use the winrm CLI tool with self-signed certificates. For that, use the PowerShell calls instead. Alternatively, you can enable INSECURE unencrypted connections and use HTTP.

winrm help auth

winrm OPERATION -remote:VALUE
  [-authentication:VALUE]
  [-username:USERNAME]
  [-password:PASSWORD]
winrm get winrm/config -remote:https://SOMESERVER:5986 -username:X -password:X
winrm OPERATION -remote:https://SOMESERVER:5986 -username:X -password:X
winrm get winrm/config -remote:SOMESERVER -username:X -password:X -usessl
winrm get winrm/config -remote:SOMESERVER -username:X -password:X -usessl -skipCAcheck -skipCNcheck
winrs -r:https://SOMESERVER:5986 -username:X -password:X

Check if running

  winrm id[entify] -?   Determines if a WS-Management implementation is
                        running on the remote machine.
winrm id
PS C:\> winrm id
IdentifyResponse
    ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
    ProductVendor = Microsoft Corporation
    ProductVersion = OS: 10.0.19045 SP: 0.0 Stack: 3.0
    SecurityProfiles
        SecurityProfileName = http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/basic, http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/basic, http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos, http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/spnego-kerberos
winrm id -r:host.example.com -usessl
winrm id -r:host.example.com -usessl -skipcacheck -skipcncheck
winrm id -r:host.example.com -usessl -skipcacheck -skipcncheck -username:XXX
winrm id -r:host.example.com -usessl -skipcacheck -skipcncheck -username:XXX -password:XXX

Check Config

winrm get winrm/config

Help

C:\>winrm
Windows Remote Management Command Line Tool

Windows Remote Management (WinRM) is the Microsoft implementation of
the WS-Management protocol which provides a secure way to communicate
with local and remote computers using web services.

Usage:
  winrm OPERATION RESOURCE_URI [-SWITCH:VALUE [-SWITCH:VALUE] ...]
        [@{KEY=VALUE[;KEY=VALUE]...}]

For help on a specific operation:
  winrm g[et] -?        Retrieving management information.
  winrm s[et] -?        Modifying management information.
  winrm c[reate] -?     Creating new instances of management resources.
  winrm d[elete] -?     Remove an instance of a management resource.
  winrm e[numerate] -?  List all instances of a management resource.
  winrm i[nvoke] -?     Executes a method on a management resource.
  winrm id[entify] -?   Determines if a WS-Management implementation is
                        running on the remote machine.
  winrm quickconfig -?  Configures this machine to accept WS-Management
                        requests from other machines.
  winrm configSDDL -?   Modify an existing security descriptor for a URI.
  winrm helpmsg -?      Displays error message for the error code.

For help on related topics:
  winrm help uris       How to construct resource URIs.
  winrm help aliases    Abbreviations for URIs.
  winrm help config     Configuring WinRM client and service settings.
  winrm help certmapping Configuring client certificate access.
  winrm help remoting   How to access remote machines.
  winrm help auth       Providing credentials for remote access.
  winrm help input      Providing input to create, set, and invoke.
  winrm help switches   Other switches such as formatting, options, etc.
  winrm help proxy      Providing proxy information.

PowerShell

$hostname = 'MYHOST'
$winrmport = "5986"
$user = 'MYUSER'
# Plain-text password for illustration; Get-Credential prompts for it instead
$pass = 'MYPASS' | ConvertTo-SecureString -AsPlainText -Force
$cred = [PSCredential]::New($user, $pass)

# -SkipCACheck / -SkipCNCheck accept a self-signed certificate,
# but the server's identity is then not verified
$soptions = New-WSManSessionOption -SkipCACheck -SkipCNCheck

# Without -UseSSL this probes the default HTTP listener (port 5985), not 5986
Test-WSMan -ComputerName $hostName
if($?) {
    echo "winrm is enabled on remote system"
} else {
    echo "winrm is NOT enabled on remote system"
}

Connect-WSMan -ComputerName $hostName -Credential $cred -SessionOption $soptions -UseSSL

# ... do more winrm commands ...

echo "--------------------------"

Disconnect-WSMan -ComputerName $hostName

Better option:

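# New-PSSession expects a PSSessionOption (New-PSSessionOption),
# not the WSMan session option created with New-WSManSessionOption
$ssoptions = New-PSSessionOption -SkipCACheck -SkipCNCheck
$session = New-PSSession -ComputerName $hostName -Port $winrmPort -Credential $cred -SessionOption $ssoptions -UseSSL

# Invoke-Command -Session $session -FilePath C:\scripts\test.ps1

# Invoke ref: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/invoke-command?view=powershell-7.4
$a = Invoke-Command -Session $session -ScriptBlock { dir c:\ }

echo $a

# Close the remote session when finished
Remove-PSSession -Session $session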

ref: https://learn.microsoft.com/en-us/windows/win32/winrm/winrm-powershell-commandlets

Invoke ref: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/invoke-command?view=powershell-7.4
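
The `-SkipCACheck -SkipCNCheck` options above turn off server certificate validation. As an added example (not from the original page), the alternative is to export the HTTPS listener's self-signed certificate on the server, import it on the client, and connect without the skip options. The path `C:\ci\winrm-listener.cer` and the listener selector `Address='*'` are assumptions, and `$hostName` must match the certificate's subject name.

```powershell
# Added example: trust the listener's certificate instead of skipping checks.

# --- On the server (elevated) ---
# Find the certificate bound to the HTTPS listener (assumes Address='*').
$listener = Get-WSManInstance -ResourceURI winrm/config/Listener `
                -SelectorSet @{ Address = '*'; Transport = 'HTTPS' }
$thumb = $listener.CertificateThumbprint

# Export the public certificate only (no private key).
Get-Item "Cert:\LocalMachine\My\$thumb" |
    Export-Certificate -FilePath 'C:\ci\winrm-listener.cer' | Out-Null
Write-Output "Listener certificate thumbprint: $thumb"

# Copy winrm-listener.cer to the client over a channel you trust and
# compare the thumbprint out of band before importing it.

# --- On the client (elevated) ---
$cer  = 'C:\ci\winrm-listener.cer'
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cer
Write-Output "About to trust: $($cert.Subject)  $($cert.Thumbprint)"
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Connect with full validation: no -SkipCACheck / -SkipCNCheck.
$hostName = 'MYHOST'          # must equal the certificate subject name
$cred     = Get-Credential    # prompts instead of embedding the password
$session  = New-PSSession -ComputerName $hostName -Port 5986 -Credential $cred -UseSSL
Invoke-Command -Session $session -ScriptBlock { hostname }
Remove-PSSession -Session $session
```

Importing a self-signed certificate into the root store makes it a trust anchor on that client; for more than a handful of hosts, issuing listener certificates from an internal CA is the cleaner option.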

PowerShell Enter Remote Session Interactively

...
# Enter session interactively - not sure how useful this is in a script?
#$soptions = New-PSSessionOption -SkipCACheck -SkipCNCheck
#Enter-PSSession -ComputerName $hostName -Port $winrmPort -Credential $cred -SessionOption $soptions -UseSSL
