Windows Remote Shell
Syntax winrs [-/SWITCH[:VALUE]] COMMAND Key COMMAND Any string that can be executed as a command in the cmd.exe shell. (All switches accept both short form or long form. For example both -r and -remote are valid.) -r[emote]:ENDPOINT The target endpoint using a NetBIOS name or the standard connection URL: [TRANSPORT://]TARGET[:PORT]. If not specified -r:localhost is used. -un[encrypted] Messages to the remote shell will not be encrypted. This is useful for troubleshooting, or when the network traffic is already encrypted using ipsec, or when physical security is enforced. By default the messages are encrypted using Kerberos or NTLM keys. This switch is ignored when HTTPS transport is selected. -u[sername]:USERNAME Username. If -username is specified, -password must be as well. If not specified Winrs will negotiate authentication or prompt. -p[assword]:PASSWORD Password. If not specified winrs will prompt for it. -d[irectory]:PATH The starting directory for remote shell. If not specified the remote shell will start in %USERPROFILE%. -env[ironment]:STRING=VALUE A single environment variable to be set when shell starts. This allows changing default environment for the shell. Multiple occurrences of this switch can be used. -noe[cho] Disable echo. This might be necessary to ensure that user's answers to remote prompts are not displayed locally. By default echo is "on". -nop[rofile] Do not load the user's profile. By default the server will attempt to load the user profile. If the remote user is not a local administrator on the target system then this option will be required. -comp[ression] Turn on compression. Older installations on remote machines may not support compression so it is off by default. -[use]ssl Use an SSL connection when using a remote endpoint. Specifying this instead of the transport "https:" will use the default WinRM default port. -? Help
To terminate the remote command press Ctrl-C or Ctrl-Break, which will be sent to the remote shell. The second Ctrl-C will force termination of winrs.exe.
The URI alias to manage active shells is shell/cmd. The URI alias for WinRS configuration is winrm/config/winrs.
Configure Windows Remote Management on the server (DemoServer2), run this from an elevated CMD (or powershell) prompt:
C:\> winrm quickconfig
On a client you can then open a remote shell connected to DemoServer2 with:
winrs -r:DemoServer2 cmd
Batch file to quickly open a remote cmd shell:
winrs -r:%1 cmd
Run a dir command on a remote machine:
C:\> winrs -r:DemoServer3 dir
Run an install package on a remote server:
C:\> winrs -r:Server25 msiexec.exe /i c:\install.msi /quiet
Run a powershell script on the remote box:
C:\> winrs /r:DemoServer2 powershell.exe -nologo -noprofile -command d:\test\test.ps1
You can't open a full interactive remote PowerShell console, but as remoting is built-in to PowerShell 2.0 there is no need.
Connecting to the remote server 'myserver'
winrs -r:https://myserver.com command
winrs -r:myserver.com -usessl command
winrs -r:myserver command
winrs -r:http://127.0.0.1 command
winrs -r:http://220.127.116.11:80 -unencrypted command
winrs -r:https://[::FFFF:18.104.22.168] command
winrs -r:http://[1080:0:0:0:8:800:200C:417A]:80 command
winrs -r:https://myserver.com -t:600 -u:administrator -p:$%fgh7 ipconfig
winrs -r:myserver -env:PATH=^%PATH^%;c:\tools -env:TEMP=d:\temp config.cmd
winrs -r:myserver netdom join myserver /domain:testdomain /userd:johns /passwordd:$%fgh789
“Perhaps when distant people on other planets pick up some wavelength of ours all they hear is a continuous scream” ~ Iris Murdoch
WINRM - Windows Remote Management, manage active remote shells & WinRS configuration.
Powershell: Enable-PSRemoting - Configure the computer to receive remote commands.