Test your knowledge!Take a quiz to access yourself.

WinRM – Invoke windows applications remotely

WinRM is the solution if you are facing problem to invoke windows application commands from linux machine remotely !!!

We need few things to perform this exercise :

  • 1 windows Remote desktop machine
  • 1 linux machine which could access windows machine(in same network)
  •  WINRM enabled on Windows machine
  • python(2.7) installed on linux machine

How it works !

Basically , the idea is to control few windows applications without login to the exact windows machine . Suppose , you are on linux machine and you have a requirement to get few results from windows machine or controlling some remote windows machine without login to it , then it is best way to use WINRM .

What is WINRM ?

Windows Remote Management (known as WinRM) is a handy new remote management service.WinRM is the “server” component of this remote management application and WinRS (Windows Remote Shell) is the “client” for WinRM, which runs on the remote computer attempting to remotely manage the WinRM server. However, you should note that BOTH computers must have WinRM installed and enabled on them for WinRS to work and retrieve information from the remote system.

While WinRM listens on port 80 by default, it doesn’t mean traffic is un-encrypted. Traffic by default is only accepted by WinRM when it is encrypted using the Negotiate or Kerberos SSP. WinRM uses HTTP (TCP 80) or HTTPS (TCP 443). It also includes helper code that lets its listener to share port 80 with IIS or any other application that may need to use that port.

winrm endpoint communication diagram

WinRM with SCVMM uses Kerberos for authentication, and does not support fall-back to NTLM. There will be an error instead. If no credentials are specified, then the logged-on credentials are used to authenticate against the remote machine. This allows for a single sign-on experience.


How to enable it on Windows ?

Step 1: Start Windows PowerShell as an administrator by right-clicking the Windows PowerShell shortcut and selecting Run As Administrator and run below commands

sc start WinRM
winrm create winrm/config/Listener?Address=*+Transport=HTTP
Enable-PSRemoting -Force
Set-Item wsman:\localhost\client\trustedhosts *
Restart-Service WinRM
netstat -na | findstr :5985
winrm get winrm/config/service
winrm quickconfig
winrm set winrm/config/client/auth @{Basic="true"}
winrm set winrm/config/service/auth @{Basic="true"}
winrm set winrm/config/service @{AllowUnencrypted="true"}

windows remote management architecture


Step 2 : Come to linux machine

  • install python on it
  • install python module pywinrm (Python library to initiate and execute commands on remote machine windows or any other )

Write a short script to just get the ip of the Windows Remote machine which we want to access.

import winrm
import time
s = winrm.Session('http://hostip:5985/wsman', auth=('username', 'password'))
r = s.run_cmd('ipconfig',['/all'])
#r = s.run_cmd('shutdown',['/r']) //for shutdown the windows
print (r.status_code)

it will display the IP information of the windows machine .

Similarly,  you can perform opening a notepad writing something into it and save it , or download some files on remote windows and execute them.

Add a Comment

Your email address will not be published. Required fields are marked *