Windows Remote Management

Secure communication with local and remote computers using web services.

      winrm g[et] | s[et] | c[reate] | d[elete] | e[numerate] | 
            i[nvoke] |  id[entify] | quickconfig |  configSDDL |  helpmsg

   Retrieve instances of RESOURCE_URI:

      winrm get winrm/config
      winrm get winrm/config/client
      winrm get winrm/config/service

   Modify settings in RESOURCE_URI: 

   Spawn an instance of RESOURCE_URI:
      winrm create RESOURCE_URI [-SWITCH:VALUE [-SWITCH:VALUE] ...]

   Control remote access to WinRM resources, launch a GUI to edit security settings.
      winrm configsddl RESOURCE_URI

   Enable this machine for remote management.
      winrm quickconfig [-quiet] [-transport:VALUE]

      This will start the WinRM service, set the service to auto start, create
      a listener and enable an http firewall exception for WS-Management traffic

       -q[uiet]          Don’t prompt for confirmation.

       -transport:VALUE  Perform quickconfig for either http or https.  Default = http.

   List instances of RESOURCE_URI:
      winrm enumerate RESOURCE_URI [-ReturnType:Value] [-Shallow]
         [-BasePropertiesOnly] [-SWITCH:VALUE [-SWITCH:VALUE] ...]

   Remove an instance of RESOURCE_URI:
      winrm delete RESOURCE_URI [-SWITCH:VALUE [-SWITCH:VALUE] ...]

   Execute method specified by ACTION on target object specified by RESOURCE_URI

   Display error message associate with the error code.
      winrm helpmsg errorcode


                    The authentication mechanism to use when communicating
                    with the remote machine.

   -defaultCreds    Allow implicit credentials when Negotiate is used.
                    Remote HTTPS operations for trusted machines.

   -dialect:VALUE   Dialect of the filter expression for enumeration or fragment.
                    Example: Use a WQL query
                    Example: Use XPATH for filtering with enumeration or fragment get/set.

   -encoding:VALUE  The encoding type when talking to remote machine (see -remote).
                    Possible options are "utf-8" (the default) or "utf-16".

   -f[ormat]:FORMAT The format of output. FORMAT can be "xml",
                    "pretty" (better formatted XML), or "text".

   -r[emote]:VALUE  Specify the identifier of a remote endpoint/system.
                    This can be a simple host name or a complete URL.

   -skipCAcheck     The certificate issuer need not be a trusted root authority.
                    Remote HTTPS operations for trusted machines.

   -skipCNcheck     The certificate common name (CN) of the server need not match
                    the hostname of the server. HTTPS operations for trusted machines.

   -skipRevocationcheck  Do not check the revocation status of the server certificate.
                    Remote HTTPS operations for trusted machines.

   -SPNPort         Append port number to the Service Principal Name (SPN) of the
                    remote server. 
                    Service principal name is used when Negotiate or Kerberos authentication
                    mechanism is in use.

   -timeout:MS      Timeout in milliseconds. Limits duration of corresponding operation.
                    Default timeout can be configured by:
                       winrm set winrm/config @{MaxTimeoutms="XXXXXX"}
                    Where XXXXXX is an integer indicating milliseconds.


                    Input from an XML file or via key/value pairs.
                    Applies to set, create, and invoke operations

   -fragment:VALUE  Specify a section inside the instance XML that is to be updated or
                    retrieved for the given operation.
                     Example: Get the status of the spooler service
                       winrm get wmicimv2/Win32_Service?name=spooler -fragment:Status/text()

                     Key/value pairs for provider-specific options.

WinRM is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate.

To improve security, WinRM 2.0 uses HTTP/HTTPS ports 5985/5986 by default.

If the computer name is passed using r:<Computername> , then the default client port will be used (by default, 5985/5986).
If the computer name is passed as a URI, such as r:http://Mycomputer/wsman, then the IE default ports will be used (ports 80/443 by default).


Configure Windows Remote Management on the server (DemoServer2), run this from an elevated CMD (or powershell) prompt:
C:\> winrm quickconfig

On a client you can then open a remote shell connected to DemoServer2 with:
winrs -r:DemoServer2 cmd

Retrieve current configuration in XML format:
winrm get winrm/config -format:pretty

Retrieve spooler instance of Win32_Service class:
winrm get wmicimv2/Win32_Service?Name=spooler

Modify a configuration property of WinRM:
winrm set winrm/config @{MaxEnvelopeSizekb="100"}

Disable a listener on this machine:
winrm set winrm/config/Listener?Address=*+Transport=HTTPS @{Enabled="false"}

Create instance of HTTP Listener on IPv6 address:
winrm create winrm/config/Listener?Address=IP:3ffe:8311:ffff:f2c1::5e61+Transport=HTTP

Delete the HTTP listener on this machine for given IP address:
winrm delete winrm/config/Listener?Address=IP:

Call StartService method on Spooler service:
winrm invoke StartService wmicimv2/Win32_Service?Name=spooler

Call Create method of Win32_Process class with specified parameters:
winrm invoke Create wmicimv2/Win32_Process @{CommandLine="notepad.exe";CurrentDirectory="C:\"}

Display error message associated with the error code 0x5:

winrm helpmsg 0x5

“Start where you are. Distant fields always look greener, but opportunity lies right where you are. Take advantage of every opportunity of service” ~ Robert Collier


WINRS - Windows Remote Shell
Powershell: New-PSSession - this cmdlet now takes on two different parameter sets: ComputerName and ConnectionURI.

© Copyright 1999-2015
Some rights reserved