After getting it all set up and working, it's now time to party!
BTW - Here is some info you might have missed in your haste to get started. ;-D
U: IEuser P: passw0rd!
Google how to install WinRM, but basically it's winrm quickconfig or winrm qc -q
Everything seemed to be okay. I'm admin, the terminal is running as admin, but I ran into the:
>>> Access Denied. <<<
So I did this:
First, the admin account password must be set. I tried both, and it will not work otherwise. Also, be sure the network connection is set to Private/Work and not Public.
1. Open a terminal as a local administrator.
2. Enter the following at the prompt (all on one line):
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
3. Enter the following at the prompt:
winrm quickconfig
4. To be sure we're up, enter the following at the prompt:
sc qc winrm
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: winrm
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Remote Management (WS-Management)
DEPENDENCIES : RPCSS
 : HTTP
SERVICE_START_NAME : NT AUTHORITY\NetworkService

sc qsidtype winrm
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: winrm
SERVICE_SID_TYPE: UNRESTRICTED
5. And to see if it's listening on TCP port 5985:
netstat -ano | findstr :5985
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP [::]:5985 [::]:0 LISTENING 4
6. From another box, i.e., Linux with netcat running...
nc -z -w1 <Windows IP> 5985;echo $?
0 - Listening
1 - Not listening
7. Looking good. But what I wanted to be sure of: can I use Python to query winrm? Again from another box, one with access to curl.
curl -v http://<Win IP>:5985/wsman
* Trying <Win IP>...
* Connected to <Win IP> (<Win IP>) port 5985 (#0)
> GET /wsman HTTP/1.1
> Host: 192.168.40.129:5985
> User-Agent: curl/7.47.0
> Accept: */*
>
> HTTP/1.1 405
<snip>
What I'm looking for is a 405 response code telling me there are no firewall issues and we can connect.
8. Now, we need to see if we can do anything else. And since the purpose of this entire exercise is to write a Python script...
vi test.py
#!/usr/bin/env python
# Requires the pywinrm package (pip install pywinrm).
import winrm

s = winrm.Session('<Win IP>', auth=('IEuser', 'passw0rd!'))
r = s.run_cmd('ipconfig', ['/all'])
print(r.status_code)  # 0 means the remote command succeeded
print(r.std_out)
print(r.std_err)
If you get an r.status_code of zero (0) and r.std_out dumps out the ipconfig of the remote desktop, BOOYA!
Access Denied/401 Unauthorized
On the off chance you're still getting authorization errors, do the following from the Windows box in the terminal as admin:
1. Allow basic authentication:
winrm set winrm/config/client/auth @{Basic="true"}
winrm set winrm/config/service/auth @{Basic="true"}
2. Allow non-HTTPS connections:
winrm set winrm/config/client @{AllowUnencrypted="true"}
winrm set winrm/config/service @{AllowUnencrypted="true"}
3. Bump the timeout up to at least 30 minutes:
winrm set winrm/config @{MaxTimeoutms="1800000"}
4. Start the WinRM service immediately when the system boots (all on one line):
powershell.exe -command "Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\WinRM' -Name 'DelayedAutoStart' -Value 0"
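
Basic authentication combined with AllowUnencrypted means the IEuser password crosses the network Base64-encoded over plain HTTP on port 5985, so it is worth checking what state a box was left in after this troubleshooting. The following is an added example, not part of the original post: it parses the text printed by winrm get winrm/config and lists which of the settings above are switched on. The function names and the sample output are assumptions made for illustration.

```python
SAMPLE = """\
Config
    MaxTimeoutms = 1800000
    Client
        AllowUnencrypted = true
        Auth
            Basic = true
    Service
        AllowUnencrypted = true
        Auth
            Basic = true
"""  # constructed sample, not captured from a real host

# Settings the troubleshooting steps switch on, and what each one exposes.
RISKY = {
    "Config/Client/AllowUnencrypted": "client sends WinRM traffic in cleartext",
    "Config/Client/Auth/Basic": "client may send credentials as Base64",
    "Config/Service/AllowUnencrypted": "service accepts cleartext HTTP on 5985",
    "Config/Service/Auth/Basic": "service accepts Base64 credentials",
}


def parse_winrm_config(text):
    """Flatten the indented 'Key = value' tree into {'A/B/Key': 'value'}."""
    settings, stack = {}, []  # stack holds (indent, section name)
    for line in text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()  # left a deeper or sibling section
        key, sep, value = line.strip().partition("=")
        if sep:
            path = "/".join([name for _, name in stack] + [key.strip()])
            settings[path] = value.strip()
        else:
            stack.append((indent, key.strip()))  # section header, e.g. "Auth"
    return settings


def audit(text):
    """Return sorted (path, reason) pairs for risky settings set to true."""
    cfg = parse_winrm_config(text)
    return sorted((p, why) for p, why in RISKY.items()
                  if cfg.get(p, "").lower() == "true")


if __name__ == "__main__":
    for path, why in audit(SAMPLE):
        print(f"[!] {path} = true: {why}")
```

On the Windows box, save the output of winrm get winrm/config to a file and pass its contents to audit() in place of SAMPLE.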