WINRM Simple Example Using HTTPS/TLS & Basic Auth

https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.4

Note we are creating self signed certificate called localhost & ignoring TLS cert validation for simplicity in this example. You do not want to do this in production. Since we aren't using encrypted messaging via NTLM/Kerberos we want to make sure AllowUnencrypted is set to false so TLS/HTTPS transport is required

Simple setup

Create myuser and add to Administrators group

https://stackoverflow.com/questions/38105486/winrm-the-specified-credentials-were-rejected-by-the-server

Create User

$Password = Read-Host -AsSecureString
$params = @{
    Name        = 'myuser'
    Password    = $Password
    FullName    = 'Test User'
    Description = 'Description of this account.'
}
New-LocalUser @params

Add myuser to Administrators group

Add-LocalGroupMember -Group "Administrators" -Member "myuser"

Enable PSRemoting

Delete existing listeners

winrm delete winrm/config/Listener?Address=*+Transport=HTTP
winrm delete winrm/config/Listener?Address=*+Transport=HTTPS

Enable HTTPS 5986 Listener

# Configure WinRM to use HTTPS and enable basic authentication
Enable-PSRemoting -Force -SkipNetworkProfileCheck
Set-Item WSMan:\localhost\Service\Auth\Basic -Value $true
Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $false

# Create a self-signed certificate (replace with a valid certificate in production)
$cert = New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation cert:\LocalMachine\My
$thumbprint = $cert.Thumbprint

# Configure WinRM listener to use HTTPS and the created certificate
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $thumbprint -Force

# Restart WinRM service to apply changes
Restart-Service WinRM

Simple script to run hostname command via winrm https 5986

#!/usr/bin/env python3
import winrm

destination = 'https://10.x.x.x:5986'
username = 'myuser'
password = 'mysecret'

session = winrm.Session(destination,
                        auth=(username, password),
                        # transport='certificate',
                        transport='ssl',
                        server_cert_validation='ignore'
    )

result = session.run_ps('hostname')
print(result.std_out.decode())

Certificate might be something like but haven't got to work

cert_pem = 'host.crt'
cert_key_pem = 'host.key'

session = winrm.Session(destination,
                        auth=(username, password),
                        transport='certificate',
                        cert_pem=cert_pem,
                        cert_key_pem=cert_key_pem,

Winrm https basic auth with pywinrm

Contents