Thursday, March 24, 2016

Enable WinRM on Windows 7

Okay, I needed to enable WinRM on a VM box running in my lab.  Given this is meant only for testing I went with the free stuff that is provided by Microsoft.  BTW, I'm not sure why you cannot select VMware under the Linux tab, but VMware on Windows runs just as well as on Linux...
After getting it all setup and working, its now time to party!

BTW - Here is some info you might have missed in your haste to get started. ;-D
U: IEuser 
P: passw0rd!

Google on how to install winrm.  but basically its winrm quickconfigure or winrm qc -q
Everything seemed to be okay.  I'm admin, the terminal is running as admin, but I ran into the:

>>> Access Denied. <<<

So I did this:
First, the admin account password must be set.  I tried both, and will not work otherwise.  Also, be sure the network connection is set to Private/Work and not Public.

1.  Open a terminal as a local administrator.
2.  Enter the following at the prompt (all on one line):
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v 
LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
3.  Enter the following at the prompt:
winrm quickconfig
4.  To be sure we're up, enter following at the prompt:
sc qc winrm

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: winrm
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Remote Management (WS-Management)
        DEPENDENCIES       : RPCSS
                           : HTTP
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

sc qsidtype winrm

[SC] QueryServiceConfig2 SUCCESS

SERVICE_NAME: winrm
SERVICE_SID_TYPE:  UNRESTRICTED
5.  And to see if its listening on TCP port 5985:
netstat -ano | findstr :5985

  TCP    0.0.0.0:5985          0.0.0.0:0              LISTENING       4
  TCP    [::]:5985             [::]:0                 LISTENING       4
6.  From another box i.e., linux with netcat running...
nc -z -w1 <Windows IP> 5985;echo $?
0 - Listening
1 - Not listening
7.  Looking good.  But what I wanted to be sure of, can I use Python to query winrm? Again from another box, having access to curl.  
curl -v http://<Win IP>:5985/wsman
*   Trying <Win IP>...
* Connected to <Win IP> (<Win IP>) port 5985 (#0)
> GET /wsman HTTP/1.1
> Host: 192.168.40.129:5985
> User-Agent: curl/7.47.0
> Accept: */*
>
> HTTP/1.1 405
<snip>
What I'm looking for is a 405 response code telling me there is no firewall issues and we can connect.
8.  Now, we need to see if we can do anything else.  And since the purpose of this entire exercise is to write a python script...
vi test.py

#!/usr/bin/env python
import winrm

s = winrm.Session('<Win IP>', auth=('IEuser', 'passw0rd!'))
r = s.run_cmd('ipconfig', ['/all'])

print r.status.code
print r.std_out
print r.std_err
If you get a r.status.code of zero (0) and r.std_out dumps out the ipconfig of the remote desktop, BOOYA!

Access Denied/401 Unauthorized

On the off chance your still getting authorization errors, do the following from the Windows box in the terminal as admin:

1.  Allow basic authentication:
winrm set winrm/config/client/auth @{Basic="true"}
winrm set winrm/config/service/auth @{Basic="true"}
2.  Allow non-https connections
winrm set winrm/config/client @{AllowUnencrypted="true"}
winrm set winrm/config/service @{AllowUnencrypted="true"}
3.  Bump up the timeout up to at least 30 minutes:
winrm set winrm/config @{MaxTimeoutms="1800000"}
4. Start the WinRM service immediately when the system boots (all one line):
powershell.exe -command {Set-ItemProperty -path "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\services\WinRM" -name "DelayedAutoStart" -value "0"}