This is a Go command-line executable to execute remote commands on Windows machines through the use of WinRM/WinRS.
Note: this tool doesn't support domain users (it doesn't support GSSAPI nor Kerberos). It's primary target is to execute remote commands on EC2 windows machines.
WinRM is available on Windows Server 2008 and up. This project natively supports basic authentication for local accounts, see the steps in the next section on how to prepare the remote Windows machine for this scenario. The authentication model is pluggable, see below for an example on using Negotiate/NTLM authentication (e.g. for connecting to vanilla Azure VMs).
This project supports only basic authentication for local accounts (domain users are not supported). The remote windows system must be prepared for winrm:
For a PowerShell script to do what is described below in one go, check Richard Downer's blog
On the remote host, a PowerShell prompt, using the Run as Administrator option and paste in the following lines:
winrm quickconfig
y
winrm set winrm/config/service/Auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}'
N.B.: The Windows Firewall needs to be running to run this command. See Microsoft Knowledge Base article #2004640.
N.B.: Do not disable Negotiate authentication as the windows winrm
command itself uses this for internal authentication, and you risk getting a system where winrm
doesn't work anymore.
N.B.: The MaxMemoryPerShellMB
option has no effects on some Windows 2008R2 systems because of a WinRM bug. Make sure to install the hotfix described Microsoft Knowledge Base article #2842230 if you need to run commands that uses more than 150MB of memory.
For more information on WinRM, please refer to the online documentation at Microsoft's DevCenter.
You can build winrm-cli from source:
git clone https://github.com/masterzen/winrm-cli
cd winrm-cli
make
This will generate a binary in the base directory called ./winrm
.
Note: you need go 1.5+. Please check your installation with
go version
Once built, you can run remote commands like this:
./winrm -hostname remote.domain.com -username "Administrator" -password "secret" "ipconfig /all"
docker build -t winrm .
Once built, you can run remote commands like this:
docker run -it --rm winrm -hostname remote.domain.com -username "Administrator" -password "secret" "ipconfig /all"