Allow Python winrm

Steps

Create user

# Create the password object
$Password = ConvertTo-SecureString "myPassword" -AsPlainText -Force

# Create the user account
New-LocalUser -Name "test" `
    -Password $Password `
    -FullName "Test Automation User" `
    -Description "User for WinRM access" `
    -PasswordNeverExpires

Add-LocalGroupMember -Group "Remote Management Users" -Member "test"

Firewall rule

New-NetFirewallRule -DisplayName "Allow WinRM from Specific IP" `
    -Direction Inbound `
    -LocalPort 5986 `
    -Protocol TCP `
    -Action Allow `
    -RemoteAddress 10.x.x.x

#

icm '10.x.x.x' -Cr $c -Port 5986 -UseSSL -SessionOption $o { "5986 OK" }

User must belong to this with Read & Execute for python winrm

winrm configSDDL default

Restart if needed

Restart-Service WinRM

Python

import winrm

s = winrm.Session(
    '10.x.x.x',                       # IP/host is fine
    auth=(r'test', 'mypassword'),     # .\ for local user; DOMAIN\user for domain
    transport='ssl',                     # HTTPS on 5986 with Basic over TLS
    server_cert_validation='ignore',     # OK for self-signed / lab
    message_encryption='auto',           # Optional; mostly irrelevant over HTTPS
)

try:
    r = s.run_cmd('hostname')
    print("Status:", r.status_code)
    print("STDOUT:", r.std_out.decode(errors="ignore").strip())
    print("STDERR:", r.std_err.decode(errors="ignore").strip())
except Exception as e:
    print("Error:", e)

Notes on winrm configSDDL

Opens Permissions Dialog: Running winrm configSDDL default brings up the familiar Windows security permissions dialog for the default WinRM listener.
Grants Non-Admin Access: You add non-admin users/groups (e.g., DOMAIN\User) and check "Allow" for Read and Execute permissions, enabling them to use remote management tools like PowerShell remoting.
Manages RootSDDL: This command effectively configures the RootSDDL setting, which defines who can access the WinRM service remotely.