Difference between revisions of "Winrm python"
Jump to navigation
Jump to search
(Created page with "# Allow Python winrm ## Steps ### Create user ``` # Create the password object $Password = ConvertTo-SecureString "myPassword" -AsPlainText -Force # Create the user accoun...") |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 49: | Line 49: | ||
``` | ``` | ||
Restart-Service WinRM | Restart-Service WinRM | ||
| + | ``` | ||
| + | |||
| + | |||
| + | ### Python | ||
| + | |||
| + | ``` | ||
| + | import winrm | ||
| + | |||
| + | s = winrm.Session( | ||
| + | '10.x.x.x', # IP/host is fine | ||
| + | auth=(r'test', 'mypassword'), # .\ for local user; DOMAIN\user for domain | ||
| + | transport='ssl', # HTTPS on 5986 with Basic over TLS | ||
| + | server_cert_validation='ignore', # OK for self-signed / lab | ||
| + | message_encryption='auto', # Optional; mostly irrelevant over HTTPS | ||
| + | ) | ||
| + | |||
| + | try: | ||
| + | r = s.run_cmd('hostname') | ||
| + | print("Status:", r.status_code) | ||
| + | print("STDOUT:", r.std_out.decode(errors="ignore").strip()) | ||
| + | print("STDERR:", r.std_err.decode(errors="ignore").strip()) | ||
| + | except Exception as e: | ||
| + | print("Error:", e) | ||
| + | ``` | ||
| + | |||
| + | |||
| + | ## Notes on winrm configSDDL | ||
| + | |||
| + | ``` | ||
| + | Opens Permissions Dialog: Running winrm configSDDL default brings up the familiar Windows security permissions dialog for the default WinRM listener. | ||
| + | Grants Non-Admin Access: You add non-admin users/groups (e.g., DOMAIN\User) and check "Allow" for Read and Execute permissions, enabling them to use remote management tools like PowerShell remoting. | ||
| + | Manages RootSDDL: This command effectively configures the RootSDDL setting, which defines who can access the WinRM service remotely. | ||
``` | ``` | ||
Latest revision as of 07:25, 11 December 2025
Allow Python winrm
Steps
Create user
# Create the password object
$Password = ConvertTo-SecureString "myPassword" -AsPlainText -Force
# Create the user account
New-LocalUser -Name "test" `
-Password $Password `
-FullName "Test Automation User" `
-Description "User for WinRM access" `
-PasswordNeverExpires
Add-LocalGroupMember -Group "Remote Management Users" -Member "test"
Firewall rule
New-NetFirewallRule -DisplayName "Allow WinRM from Specific IP" `
-Direction Inbound `
-LocalPort 5986 `
-Protocol TCP `
-Action Allow `
-RemoteAddress 10.x.x.x
#
icm '10.x.x.x' -Cr $c -Port 5986 -UseSSL -SessionOption $o { "5986 OK" }
User must belong to this with Read & Execute for python winrm
winrm configSDDL default
Restart if needed
Restart-Service WinRM
Python
import winrm
s = winrm.Session(
'10.x.x.x', # IP/host is fine
auth=(r'test', 'mypassword'), # .\ for local user; DOMAIN\user for domain
transport='ssl', # HTTPS on 5986 with Basic over TLS
server_cert_validation='ignore', # OK for self-signed / lab
message_encryption='auto', # Optional; mostly irrelevant over HTTPS
)
try:
r = s.run_cmd('hostname')
print("Status:", r.status_code)
print("STDOUT:", r.std_out.decode(errors="ignore").strip())
print("STDERR:", r.std_err.decode(errors="ignore").strip())
except Exception as e:
print("Error:", e)
Notes on winrm configSDDL
Opens Permissions Dialog: Running winrm configSDDL default brings up the familiar Windows security permissions dialog for the default WinRM listener. Grants Non-Admin Access: You add non-admin users/groups (e.g., DOMAIN\User) and check "Allow" for Read and Execute permissions, enabling them to use remote management tools like PowerShell remoting. Manages RootSDDL: This command effectively configures the RootSDDL setting, which defines who can access the WinRM service remotely.