mag72

What Is WinRM? Windows Remote Management command-line Utility

what is winrm

Windows Remote Management, or WinRM, is a Windows-native built-in remote management protocol in its simplest form that uses Simple Object Access Protocol to interface with remote computers and servers, as well as Operating Systems and applications.

WinRM is a command-line tool that is used for the following tasks:

  • Remotely communicate and interface with hosts through readily available channels/ports within your network, including workstations, servers and any operating system that supports it.
  • Execute commands remotely on systems that you are not local to you but are network accessible
  • Monitor, manage and configure servers, operating systems and client machines from a remote location.

History of WinRM

The earlier release, versions 1.1, was found in Windows Vista and Windows Server 2008, though could later be installed manually for Windows XP and Windows 2003. A newer version, 2.0, can be found in Windows 7 and Windows Server 2008 R2, and the latest version of the software, 3.0, comes pre-installed out of the box in Windows 8 and Windows 2012 Server. As for the latest windows installment, Windows 10, you’ll need to enable it as it does not come enabled by default. It does require a little bit of setup and configuration, as it is not usually enabled and configured by default, but as it comes pre-installed and ready to go it’s a pretty simple process – do note that simple doesn’t always mean easy, unfortunately.

Configuring WinRM can sometimes be a breeze though it can sometimes be a bit of a hassle to get all the errors out of the way and get it sorted out just right. Thankfully a great number of resources exist to aid in this part of the process and even several tools to help automate it! Check out this great Tool below from Solarwinds that allows your to Remotely Enable WinRM on any PC or Server within your Network from your workstation.

WinRM enable remotely on servers and pc

A sort of sister process, Windows Remote Shell or WinRS, is the counterpart to WinRM. WinRS acts as the clients to WinRMs server component, providing the actual functionality and method of enacting commands and processes. Most actual remote commands will be run via WinRS to a remote system with WinRM configured on it.

WinRM has several noteworthy benefits and strengths. As mentioned above, it’s built into the operating system, making installation and compatibility less of an issue. It utilizes SOAP (Simple Object Access Protocol) requests in XML format, making it quite simple to work with.

Ports and Compatibility

WinRM Port is 5985 and 5986 (HTTPS)

In previous versions of WinRM, though, communications used to be done over port 80/443. But since many server administrators take extra pre-cautions when locking down servers and desktop machines, blocking incoming traffic on Ports 80 and 443 was a given. This was a problem for Powershell and WS-Management users as to why their connections where getting blocked and/or dropped while trying to manage systems remotely – thus leading Microsoft to change the default ports to the ones specified above, HTTP Port 5985 and HTTPS Port 5986 for WinRM connectivity.

If for some reason using the new port assignments are going to be a problem for your environment, and you would like configure systems to accept traffic on HTTP Port 80 and HTTPS Port 443, then this is where “Compatibility Listeners” come into play.

Compatibility Listeners cant be directly addressed, as other listeners are, but you can however allow traffic on these ports by either running a special command that configures the WinRM service to enable traffic on either port 80 or 443 like this:

winrm set winrm/config/service @{EnableCompatibilityHttpListener=”true”}


winrm set winrm/config/service @{EnableCompatibilityHttpsListener=”true”}

or applying a New Group Policy settings within this string:

Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service

and then set either of these keys to “YES”

“Turn On Compatibility HTTP Listener” (if you would like to allow WinRM over HTTP port 80)

“Turn On Compatibility HTTPS Listener” (if you would like to allow WinRM over HTTPS port 443)

You can find more info about compatilibity settings on the MSDN Blog post here

 

It is worth pointing out that WinRM/WinRS can be a little finnicky when it comes to user accounts and permissions – any long time Windows environment tech won’t be too surprised by this. When dealing with remote management in a situation like this you have to be pretty sure your accounts and permissions are properly configured, and there’s several ways that you can set things up so that it works perfectly with WinRM. It does introduce on potential flaw, but only in the case of particularly bad password and user account etiquette. Generally speaking, though, the usual nuances apply here like with most Windows workgroup accounts and permissions. If I am logged into an ‘Administrator’ account with a certain password and hit up WinRM on another system which has the exact same username and password combination, then I’m in with full permissions.

 

But with the basics of what WinRM is out of the way, it begs the obvious next question – what can it do? As the name intuitively implies it’s all about remote management. Part of it’s strength lies in its ability to do far more than just manage workstations, though – WinRM can provide remote management to a range of devices, physical and soft, including applications, a wide range of different vendors’ hardware, operating systems (not just Windows!), and more.

Almost any range of commands can be performed remotely once setup and configured properly, which does become especially useful in the realm of managing workstations and servers on any Windows-based environment, as you can effortlessly start and and stop processes, check configurations and system status, perform maintenance, install or remove services.. just about anything!

 

If there’s a command line process that you can run on a Windows system then it’s a sure bet you can use it via WinRM for remote management. There’s a lot of options for remote system management, but sometimes it’s best to just go with what’s built in and already more or less ready to go. A little configuration and setup is all it takes and you’ll be well on your way to easy native remote management, as long as the initial configuration woes don’t get in the way.

 

WinRM enable remotely on servers and pc