WinRM
WinRM
Test WinRM
Not a valid API call, but verifies if WinRM service is listening:
# curl -i -k https://moonshadow.home.lab:5986 HTTP/2 404 content-type: text/html; charset=us-ascii server: Microsoft-HTTPAPI/2.0 date: Thu, 28 Mar 2024 18:24:22 GMT content-length: 315 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"> <HTML><HEAD><TITLE>Not Found</TITLE> <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD> <BODY><h2>Not Found</h2> <hr><p>HTTP Error 404. The requested resource is not found.</p> </BODY></HTML>
WinRM Service
Enable with script from: [1]
https://raw.githubusercontent.com/ansible/ansible-documentation/ae8772176a5c645655c91328e93196bcf741732d/examples/scripts/ConfigureRemotingForAnsible.ps1
Example:
mkdir c:\ci $url = "https://raw.githubusercontent.com/ansible/ansible-documentation/ae8772176a5c645655c91328e93196bcf741732d/examples/scripts/ConfigureRemotingForAnsible.ps1" $file = "c:\ci\ConfigureRemotingForAnsible.ps1" (New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file) powershell.exe -ExecutionPolicy ByPass -File $file winrm id
Service -
Service: "WinRM" - "Windows Remote Management (WS-Management)" C:\Windows\System32\svchost.exe -k NetworkService -p
Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
Restart service:
net stop WinRM net start WinRM
Windows Remote Management Command Line Tool
Remote Query
NOTE: Only useful if you have setup actual certificates. Have yet to figure out how to use the winrm cli tool with self signed certificates. For that use the Powershell calls instead. Alternatively you can enable INSECURE unencrypted connections and use HTTP.
winrm help auth winrm OPERATION -remote:VALUE [-authentication:VALUE] [-username:USERNAME] [-password:PASSWORD]
winrm get winrm/config -remote:https://SOMESERVER:5986 -username:X -password:X
winrm OPERAION -remote:https://SOMESERVER:5986 -username:X -password:X winrm get winrm/config -remote:SOMESERVER -username:X -password:X -usessl winrm get winrm/config -remote:SOMESERVER -username:X -password:X -usessl -skipCAcheck -skipCNcheck
winrs -r:https://SOMESERVER:5986 -username:X -password:X
Check if running
  winrm id[entify] -?   Determines if a WS-Management implementation is
                        running on the remote machine.
winrm id
PS C:\> winrm id
IdentifyResponse
    ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
    ProductVendor = Microsoft Corporation
    ProductVersion = OS: 10.0.19045 SP: 0.0 Stack: 3.0
    SecurityProfiles
        SecurityProfileName = http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/basic, http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/basic, http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos, http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/spnego-kerberos
winrm id -r:host.example.com -usessl winrm id -r:host.example.com -usessl -skipcacheck -skipcncheck winrm id -r:host.example.com -usessl -skipcacheck -skipcncheck -username:XXX winrm id -r:host.example.com -usessl -skipcacheck -skipcncheck -username:XXX -password:XXX
Check Config
winrm get winrm/config
Help
C:\>winrm
Windows Remote Management Command Line Tool
Windows Remote Management (WinRM) is the Microsoft implementation of
the WS-Management protocol which provides a secure way to communicate
with local and remote computers using web services.
Usage:
  winrm OPERATION RESOURCE_URI [-SWITCH:VALUE [-SWITCH:VALUE] ...]
        [@{KEY=VALUE[;KEY=VALUE]...}]
For help on a specific operation:
  winrm g[et] -?        Retrieving management information.
  winrm s[et] -?        Modifying management information.
  winrm c[reate] -?     Creating new instances of management resources.
  winrm d[elete] -?     Remove an instance of a management resource.
  winrm e[numerate] -?  List all instances of a management resource.
  winrm i[nvoke] -?     Executes a method on a management resource.
  winrm id[entify] -?   Determines if a WS-Management implementation is
                        running on the remote machine.
  winrm quickconfig -?  Configures this machine to accept WS-Management
                        requests from other machines.
  winrm configSDDL -?   Modify an existing security descriptor for a URI.
  winrm helpmsg -?      Displays error message for the error code.
For help on related topics:
  winrm help uris       How to construct resource URIs.
  winrm help aliases    Abbreviations for URIs.
  winrm help config     Configuring WinRM client and service settings.
  winrm help certmapping Configuring client certificate access.
  winrm help remoting   How to access remote machines.
  winrm help auth       Providing credentials for remote access.
  winrm help input      Providing input to create, set, and invoke.
  winrm help switches   Other switches such as formatting, options, etc.
  winrm help proxy      Providing proxy information.
Powershell
$hostname = 'MYHOST'
$winrmport = "5986"
$user = 'MYUSER'
$pass = 'MYPASS' | ConvertTo-SecureString -AsPlainText -Force
$cred = [PSCredential]::New($user, $pass)
$soptions = New-WSManSessionOption -SkipCACheck -SkipCNCheck
Test-WSMan -ComputerName $hostName
if($?) {
    echo "winrm is enabled on remote system"
} else {
    echo "winrm is NOT enabled on remote system"
}
Connect-WSMan -ComputerName $hostName -Credential $cred -SessionOption $soptions -UseSSL
... do more winrm commands ...
echo "--------------------------"
Disconnect-WSMan -ComputerName $hostName
Better option:
$session = New-PSSession -ComputerName $hostName -Port $winrmPort -Credential $cred -SessionOption $ssoptions -UseSSL
# Invoke-Command -Session $session -FilePath C:\scripts\test.ps1
# Invoke ref: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/invoke-command?view=powershell-7.4
$a = Invoke-Command -Session $session -ScriptBlock { dir c:\ }
echo $a
ref: https://learn.microsoft.com/en-us/windows/win32/winrm/winrm-powershell-commandlets
Powershell Enter Remote Session Interactively
... # Enter session interactively - not sure how useful this is in a script? #$soptions = New-PSSessionOption -SkipCACheck -SkipCNCheck #Enter-PSSession -ComputerName $hostName -Port $winrmPort -Credential $cred -SessionOption $soptions -UseSSL