Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:configuration_-_winrm [2019/10/08 13:38] fiserp [Commons issues] |
tutorial:adm:configuration_-_winrm [2021/05/24 08:09] kucerar spell fixes |
||
---|---|---|---|
Line 57: | Line 57: | ||
===== Permission configuration ===== | ===== Permission configuration ===== | ||
- | If you want to use user which is not admin then we need a more configuration. If you want to use admin user you should ready to go even without it. | + | If you want to use user which is not admin then we need to do a more configuration. If you want to use admin user you should |
Now we need to set the right permissions. It's tested against NTLM, Kerberos and CredSSP auth | Now we need to set the right permissions. It's tested against NTLM, Kerberos and CredSSP auth | ||
Line 68: | Line 68: | ||
* Computer Management -> Services and Application -> right click WMI Control -> Properties | * Computer Management -> Services and Application -> right click WMI Control -> Properties | ||
* In new dialog window -> tab Security -> Root -> CIMV2 and click button Security | * In new dialog window -> tab Security -> Root -> CIMV2 and click button Security | ||
- | * Next dialog window will appear - you need to add group here | + | * Next dialog window will appear - you need to add group here (WinRMRemoteWMIUsers__ or Remote Management Users) |
* You need to select these options in the checkboxes - Execute Methods, Enable Account and Remote Enable | * You need to select these options in the checkboxes - Execute Methods, Enable Account and Remote Enable | ||
* Click on Advanced - select and edit group -> Set " | * Click on Advanced - select and edit group -> Set " | ||
Line 78: | Line 78: | ||
* < | * < | ||
{{: | {{: | ||
- | * Add group and give it Full Control | + | * Add group and give it Full Control |
* Confirm changes | * Confirm changes | ||
Line 161: | Line 161: | ||
- Editing '' | - Editing '' | ||
- When running winrm script with NTLM, the warning should no longer pop up. | - When running winrm script with NTLM, the warning should no longer pop up. | ||
+ | |||
+ | === HTTPS certificate not trusted === | ||
+ | Python, by default, uses its own certificate truststore located somewhere under ''/ | ||
+ | <code python> | ||
+ | import os | ||
+ | # there, you can explicitly set path to your CA chain | ||
+ | # DO NOT put there server' | ||
+ | os.environ[" | ||
+ | |||
+ | from winrm.protocol import Protocol | ||
+ | |||
+ | p = Protocol( | ||
+ | endpoint=' | ||
+ | transport=' | ||
+ | username=' | ||
+ | password=' | ||
+ | # | ||
+ | shell_id = p.open_shell() | ||
+ | command_id = p.run_command(shell_id, | ||
+ | std_out, std_err, status_code = p.get_command_output(shell_id, | ||
+ | p.cleanup_command(shell_id, | ||
+ | p.close_shell(shell_id) | ||
+ | |||
+ | # this will output all that returned from the WinRM call | ||
+ | print " | ||
+ | print " | ||
+ | print " | ||
+ | </ | ||
===== HTTPS support ===== | ===== HTTPS support ===== | ||
The best case is to use HTTPS connection to connect to WinRM. To achieve this we need to do some more configuration on the server and on the client. | The best case is to use HTTPS connection to connect to WinRM. To achieve this we need to do some more configuration on the server and on the client. |