Windows Remote Management

winrs
Developer(s)	Microsoft
Operating system	Microsoft Windows
Type	Command
License	Proprietary commercial software
Website	docs.microsoft.com/en-us/windows-server/administration/windows-commands/winrs

WinRM (Windows Remote Management)
Developer(s)	Microsoft
Operating system	Microsoft Windows
Type	Application programming interface
License	Proprietary commercial software
Website	docs.microsoft.com/en-us/windows/win32/winrm/portal

Last updated March 01, 2023

WinRM (Windows Remote Management) is Microsoft's implementation of WS-Management in Windows which allows systems to access or exchange management information across a common network. Utilizing scripting objects or the built-in command-line tool, WinRM can be used with any remote computers that may have baseboard management controllers (BMCs) to acquire data. On Windows-based computers including WinRM, certain data supplied by Windows Management Instrumentation (WMI) can also be obtained.^[1]

Components

WinRM Scripting API
- Provides an Application programming interface enabling scripts to remotely acquire data from computers that perform WS-Management operations.
winrm.cmd
- Built-in systems management command line tool allowing a machine operator to configure WinRM. Implementation consists of a Visual Basic Scripting (VBS) Edition file (Winrm.vbs) which is written using the aforementioned WinRM scripting API.
winrs.exe
- Another command line tool allowing the remote execution of most Cmd.exe commands. This tool utilizes the WS-Management protocol.
Intelligent Platform Management Interface (IPMI) driver
- Provides hardware management and facilitates control of remote server hardware through BMCs. IPMI is most useful when the operating system is not running or deployed as it allows for continued remote operations of the bare metal hardware/software.
WMI plug-in
- Allows WMI data to be made available to WinRM clients.^[2]
WMI service
- Leverages the WMI plug-in to provide requested data or control and can also be used to acquire data from most WMI classes. Examples include the Win32_Process, in addition to any IPMI-supplied data.
WS-Management protocol
- Web Services Management is a DMTF open standard defining a SOAP-based protocol for the management of servers, devices, applications and various Web services. WS-Management provides a common way for systems to access and exchange management information across the IT infrastructure.^[3]

Ports
- By default WinRM HTTPS used 5986 port, and HTTP uses 5985 port. By default, port 5985 is in listening mode, but port 5986 has to be enabled.

Common uses

Ansible communicates with Windows servers over WinRM using the Python pywinrm package and can remotely run PowerShell scripts and commands.^[4]

Thycotic's Secret Server also leverages WinRM to enable PowerShell remoting.^[5]

SolarWinds Server and Application Monitoring software (SAM) utilizes a WinRM server on monitored servers for its PowerShell integration.^[6]

CloudBolt leverages WinRM as part of Blueprints, Server Actions, and CB Plugins to execute remote scripts on Windows servers using the python pywinrm module.^[7]

Security

WinRM uses Kerberos for initial authentication by default. This ensures that actual credentials are never sent in client-server communications, instead relying on features such as hashing and tickets to connect.^[8] Although WinRM listeners can be configured to encrypt all communications using HTTPS, with the use of Kerberos, even if unencrypted HTTP is used, all communication is still encrypted using a symmetric 256-bit key after the authentication phase completes. Using HTTPS with WinRM allows for additional security by ensuring server identity via SSL/TLS certificates thereby preventing an attacker from impersonating it.^[9]

Related Research Articles

Telnet is a client/server application protocol that provides access to virtual terminals of remote systems on local area networks or the Internet. Telnet consists of two components: (1) the protocol itself which specifies how two parties to communicate and (2) the software application that provides the service. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP). Telnet was developed in 1969 beginning with RFC 15, extended in RFC 855, and standardized as Internet Engineering Task Force (IETF) Internet Standard STD 8, one of the first Internet standards. Telnet transmits all information including usernames and passwords in plaintext so it is not recommended for security-sensitive applications such as remote management of routers. Telnet's use for this purpose has waned significantly in favor of SSH. Some extensions to Telnet which would provide encryption have been proposed.

Uptime is a measure of system reliability, expressed as the percentage of time a machine, typically a computer, has been working and available. Uptime is the opposite of downtime.

Windows Management Instrumentation (WMI) consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. WMI is Microsoft's implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards from the Distributed Management Task Force (DMTF).

Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. A set of Group Policy configurations is called a Group Policy Object (GPO). A version of Group Policy called Local Group Policy allows Group Policy Object management without Active Directory on standalone computers.

In computing, Web-Based Enterprise Management (WBEM) comprises a set of systems-management technologies developed to unify the management of distributed computing environments. The WBEM initiative, initially sponsored in 1996 by BMC Software, Cisco Systems, Compaq Computer, Intel, and Microsoft, is now widely adopted. WBEM is based on Internet standards and Distributed Management Task Force (DMTF) open standards:

WS-Management is a DMTF open standard defining a SOAP-based protocol for the management of servers, devices, applications and various Web services. WS-Management provides a common way for systems to access and exchange management information across the IT infrastructure.

<span class="mw-page-title-main">Shell (computing)</span> Computer program that exposes an operating systems services to a human user or other programs

In computing, a shell is a computer program that exposes an operating system's services to a human user or other programs. In general, operating system shells use either a command-line interface (CLI) or graphical user interface (GUI), depending on a computer's role and particular operation. It is named a shell because it is the outermost layer around the operating system.

The Dell Remote Access Controller (DRAC) is an out-of-band management platform on certain Dell servers. The platform may be provided on a separate expansion card, or integrated into the main board; when integrated, the platform is referred to as iDRAC.

Integrated Lights-Out, or iLO, is a proprietary embedded server management technology by Hewlett-Packard Enterprise which provides out-of-band management facilities. The physical connection is an Ethernet port that can be found on most ProLiant servers and microservers of the 300 and above series.

As the next version of Windows NT after Windows 2000, as well as the successor to Windows Me, Windows XP introduced many new features but it also removed some others.

Event Viewer is a component of Microsoft's Windows NT operating system that lets administrators and users view the event logs on a local or remote machine. Applications and operating-system components can use this centralized log service to report events that have taken place, such as a failure to start a component or to complete an action. In Windows Vista, Microsoft overhauled the event system.

Windows Vista contains a range of new technologies and features that are intended to help network administrators and power users better manage their systems. Notable changes include a complete replacement of both the Windows Setup and the Windows startup processes, completely rewritten deployment mechanisms, new diagnostic and health monitoring tools such as random access memory diagnostic program, support for per-application Remote Desktop sessions, a completely new Task Scheduler, and a range of new Group Policy settings covering many of the features new to Windows Vista. Subsystem for UNIX Applications, which provides a POSIX-compatible environment is also introduced.

Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities. It covers the entire application lifecycle, and enables DevOps capabilities. Azure DevOps can be used as a back-end to numerous integrated development environments (IDEs) but is tailored for Microsoft Visual Studio and Eclipse on all platforms.

PowerShell is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language. Initially a Windows component only, known as Windows PowerShell, it was made open-source and cross-platform on 18 August 2016 with the introduction of PowerShell Core. The former is built on the .NET Framework, the latter on .NET.

Security Support Provider Interface (SSPI) is a component of Windows API that performs security-related operations such as authentication.

Remote Desktop Services (RDS), known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection. RDS was first released in 1998 as Terminal Server in Windows NT 4.0 Terminal Server Edition, a stand-alone edition of Windows NT 4.0 Server that allowed users to log in remotely. Starting with Windows 2000, it was integrated under the name of Terminal Services as an optional component in the server editions of the Windows NT family of operating systems, receiving updates and improvements with each version of Windows. Terminal Services were then renamed to Remote Desktop Services with Windows Server 2008 R2 in 2009.

Progress Chef is a configuration management tool written in Ruby and Erlang. It uses a pure-Ruby, domain-specific language (DSL) for writing system configuration "recipes". Chef is used to streamline the task of configuring and maintaining a company's servers, and can integrate with cloud-based platforms such as Amazon EC2, Google Cloud Platform, Oracle Cloud, OpenStack, IBM Cloud, Microsoft Azure, and Rackspace to automatically provision and configure new machines. Chef contains solutions for both small and large scale systems.

Ansible is a suite of software tools that enables infrastructure as code. It is open-source and the suite includes software provisioning, configuration management, and application deployment functionality.

Windows Server 2016 is the eighth release of the Windows Server server operating system developed by Microsoft as part of the Windows NT family of operating systems. It was developed alongside Windows 10 and is the successor to the Windows 8.1-based Windows Server 2012 R2. The first early preview version became available on October 1, 2014 together with the first technical preview of System Center. Windows Server 2016 was released on September 26, 2016 at Microsoft's Ignite conference and broadly released for retail sale on October 12, 2016. It was succeeded by Windows Server 2019 and the Windows Server Semi-Annual Channel.

References

↑ windows-sdk-content. "Windows Remote Management - Windows applications". docs.microsoft.com. Retrieved 2019-02-21.
↑ windows-sdk-content. "Windows Remote Management Glossary - Windows applications". docs.microsoft.com. Retrieved 2019-02-21.
↑ windows-sdk-content. "About Windows Remote Management - Windows applications". docs.microsoft.com. Retrieved 2019-02-21.
↑ "Windows Remote Management — Ansible Documentation". docs.ansible.com. Retrieved 2019-02-21.
↑ "Thycotic Support". thycotic.force.com. Retrieved 2019-02-21.
↑ "Create a WinRM HTTPS listener". SolarWinds Worldwide, LLC. Help and Support. 2016-03-24. Retrieved 2019-02-24.
↑ "Remote Scripts — CloudBolt 8.7 Documentation". docs.cloudbolt.io. Retrieved 2019-06-04.
↑ "How To: Configure WINRM for HTTPS". support.microsoft.com. Retrieved 2019-02-24.
↑ FoxDeploy (2017-02-08). "Is WinRM Secure or do I need HTTPs?". FoxDeploy.com. Retrieved 2019-02-24.

External links

Windows Remote Management - Windows applications | Microsoft Docs

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] windows-sdk-content. "Windows Remote Management - Windows applications". docs.microsoft.com. Retrieved 2019-02-21.

[2] windows-sdk-content. "Windows Remote Management Glossary - Windows applications". docs.microsoft.com. Retrieved 2019-02-21.

[3] windows-sdk-content. "About Windows Remote Management - Windows applications". docs.microsoft.com. Retrieved 2019-02-21.

[4] "Windows Remote Management — Ansible Documentation". docs.ansible.com. Retrieved 2019-02-21.

[5] "Thycotic Support". thycotic.force.com. Retrieved 2019-02-21.

[6] "Create a WinRM HTTPS listener". SolarWinds Worldwide, LLC. Help and Support. 2016-03-24. Retrieved 2019-02-24.

[7] "Remote Scripts — CloudBolt 8.7 Documentation". docs.cloudbolt.io. Retrieved 2019-06-04.

[8] "How To: Configure WINRM for HTTPS". support.microsoft.com. Retrieved 2019-02-24.

[9] FoxDeploy (2017-02-08). "Is WinRM Secure or do I need HTTPs?". FoxDeploy.com. Retrieved 2019-02-24.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

v t e Windows command-line programs and shell builtins
COMMAND.COM Command Prompt Windows PowerShell Recovery Console
File system navigation	cd (chdir) dir popd pushd tree
File management	attrib cacls cipher compact copy del (erase) deltree icacls mkdir (md) mklink move openfiles recover ren (rename) replace rmdir (rd) robocopy takeown xcopy
Archiving	expand extrac32 extract makecab pax tar
Disk management	chkdsk convert defrag diskcomp diskcopy diskpart diskraid diskshadow drvspace fdisk format fsutil label manage-bde refsutil subst scandisk sys vol vssadmin
Processes	at exit kill powercfg runas sc schtasks shutdown start taskkill tasklist
Registry	assoc ftype reg regini regsvr32
User environment	chcp cmdkey date graftabl mode path set setver setx time title ver where whoami
File contents	comp edit edlin fc find findstr print type
Scripting	choice clip cscript doskey echo for forfiles goto if more pause prompt rem timeout
Networking	arp bitsadmin curl getmac hostname ipconfig nbtstat net netsh netstat nslookup PathPing ping rpcping route scp setspn sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan tracert winrm winrs
Maintenance and care	auditpol dispdiag driverquery eventcreate eventtriggers logman mofcomp msiexec ntbackup pnpunattend pnputil REAgentC relog sfc sxstrace systeminfo tracerpt typeperf w32tm WBAdmin wecutil wevtutil winmgmt winsat wmic
Boot management	bcdedit bootcfg bootsect fixboot fixmbr
Software development	debug exe2bin QBasic
Miscellaneous	break cls dism dpath gpresult gpupdate help MSCDEX pentnt tpmtool tpmvscmgr wsl
List of DOS commands Environment variables Windows Support Tools