WINRM -remote

Windows Remote Management

When connecting remotely, you can specify which credentials, authentication mechanisms, proxy access type, proxy credentials and proxy authentication mechanisms to use.

Syntax
      winrm OPERATION -remote:VALUE [-unencrypted] [-usessl]
         [-authentication:VALUE] [-username:USERNAME] 
            [-password:PASSWORD] [-certificate:THUMBPRINT]
               [-proxyaccess:VALUE] [-proxyauth:VALUE]  
                  [-proxyusername:USERNAME] [-proxypassword:PASSWORD]

Key:
   -r[emote]:VALUE
                  Identifier of remote system, a simple host name or a complete URL.

                  [TRANSPORT://]HOST[:PORT][/PREFIX]

                  Transport: One of HTTP or HTTPS; default is HTTP.
                  Host: a DNS name, NetBIOS name, or IP address.
                  Port: If port is not specified then the following default rules apply:
                          * If transport is specified as HTTP then port 80 is used.
                          * If transport is specified as HTTPS then port 443 is used.
                          * If transport is not specified and -usessl is not specified then port
                            5985 is used for an HTTP connection.
                          * If transport is not specified and -usessl is specified then port 5986
                            is used for an HTTPS connection.
                  Prefix: Defaults to wsman.

   -a[uthentication]:VALUE
                  The authentication mechanism used:
                    -a:None
                    -a:Basic
                    -a:Digest
                    -a:Negotiate
                    -a:Kerberos
                    -a:Certificate
                    -a:CredSSP
                  If none are specified the current
                  logged-on user's credentials will be used.

   -u[sername]:USERNAME
                  The username on the remote machine. The user must be a
                  member of the local Administrators group on the remote machine.
                  e.g. -username:USERNAME or -username:DOMAIN\USERNAME for
                  a domain account.
                  If Kerberos is used, and -username is not supplied, then
                  the current logged-on domain user's credentials are used.

   -p[assword]:PASSWORD
                  The password, applies only if -username is used.

   -c[ertificate]:THUMBPRINT
                  The thumbprint of a certificate that must exist in the local
                  machine store or in the current user store.
                  The certificate must be intended for client authentication.
                  Applies only if -a:Certificate is used.
                  If your THUMBPRINT contains spaces, enclose in double quotes:
                  -c:7c0cf52026401f38a2d6348761b1dd1477c4f16d
                  -c:"7c 0c f4 20 26 40 1f 38 a2 d6 34 87 61 b1 dd 14 77 c4 f1 6d"

   -p[roxy]ac[cess]:VALUE
                 The proxy settings to retrieve when connecting to a remote machine:
                 -pac:ie_settings  (default)
                 -pac:winhttp_settings
                 -pac:auto_detect
                 -pac:no_proxy

   -p[roxy]a[uth]:VALUE
                 The authentication mechanism used to authenticate with a proxy:
                 -pa:Basic
                 -pa:Digest
                 -pa:Negotiate
                 If -proxyauth is used then -proxyaccess is required.

   -p[roxy]u[sername]:USERNAME
                  The username to authenticate with the proxy. Cannot be used on local machine.
                  If the user account is a local account on the remote machine,
                  the syntax should be in the form -proxyusername:USERNAME
                  If the username is a domain account, the syntax should be in the form
                  -proxyusername:DOMAIN\USERNAME
                  If -proxyusername is used then -proxyauth is required.

   -p[roxy]p[assword]:PASSWORD
                  Password, applies only if -proxyusername is used.

   -un[encrypted] No encryption will be used when doing remote operations over
                  HTTP. Unencrypted traffic is not allowed by default and must
                  be enabled in the local configuration.

   -[use]ssl      Use an SSL connection when doing remote operations.
                  The transport in the remote option should not be specified.

IPv6 addresses must be enclosed in brackets.

When using HTTPS, the machine name must match the server's certificate common name (CN) unless -skipCNcheck is used.

Defaults for port and prefix can be changed in the local configuration.

If an authentication mechanism is not specified, Kerberos is used unless one of the conditions below is true, in which case Negotiate is used:
- Explicit credentials are supplied and the destination host is trusted
- The destination host is "localhost", "127.0.0.1" or "[::1]"
- The client computer is in a workgroup and the destination host is trusted.
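
The port, prefix and default-authentication rules above, applied to a -remote value so that a script audit or firewall review can see which endpoint and mechanism a given command line ends up using. This is an added Python example, not part of the original page or of winrm itself; the function and parameter names are hypothetical, and rejecting -usessl combined with an explicit transport is this example's choice.

```python
import re

# [TRANSPORT://]HOST[:PORT][/PREFIX]; an IPv6 host must be enclosed in brackets.
_REMOTE = re.compile(
    r"^(?:(?P<transport>https?)://)?"
    r"(?P<host>\[[0-9A-Fa-f:.]+\]|[^\[\]/:]+)"
    r"(?::(?P<port>\d{1,5}))?"
    r"(?:/(?P<prefix>.*))?$",
    re.IGNORECASE,
)
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}


def resolve_remote(value, usessl=False):
    """Return (transport, host, port, prefix) that -remote:VALUE resolves to."""
    m = _REMOTE.match(value.strip())
    if m is None:
        raise ValueError(f"not a valid -remote value: {value!r}")
    transport = (m["transport"] or "").upper()
    if transport and usessl:
        # Assumption: the page says the transport "should not be specified"
        # with -usessl, so this example refuses the combination.
        raise ValueError("-usessl given together with an explicit transport")
    if m["port"]:
        port = int(m["port"])
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    elif transport:
        port = 443 if transport == "HTTPS" else 80   # explicit transport
    else:
        port = 5986 if usessl else 5985              # no transport given
    if not transport:
        transport = "HTTPS" if usessl else "HTTP"
    return transport, m["host"], port, m["prefix"] or "wsman"


def default_auth(host, explicit_creds=False, trusted=False, workgroup=False):
    """Mechanism used when -authentication is omitted, per the rules above."""
    if host.lower() in LOOPBACK:
        return "Negotiate"
    if trusted and (explicit_creds or workgroup):
        return "Negotiate"
    return "Kerberos"
```

The built-in defaults are assumed here; as noted above, port and prefix defaults can be changed in the local configuration.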

Not all authentication mechanisms are enabled by default. Allowed authentication mechanisms can be controlled by local configuration or group policy.

Most operations will require an authentication mode other than None.

Certificate authentication can be used only with the HTTPS transport. To configure an HTTPS listener for the WinRM service run the command:
winrm quickconfig -transport:HTTPS

“Calm self-confidence is as far from conceit as the desire to earn a decent living is remote from greed” ~ Channing Pollock

Related commands

WINRS - Windows Remote Shell.
WINRM - Windows Remote Management, manage active remote shells & WinRS configuration.


 
Copyright © 1999-2024 SS64.com
Some rights reserved