winrm (Windows Remote Management) is used to make a remote connection to a Windows server. The pip list command can be used to determine if you have the pywinrm module installed.
~]$ pip list
Package Version
---------------------------------- ------------------
ansible 2.9.12
certifi 2020.6.20
cffi 1.14.2
chardet 3.0.4
cryptography 3.0
idna 2.10
Jinja2 2.11.2
lxml 4.5.2
MarkupSafe 1.1.1
nsx-policy-python-sdk 2.5.1.0.5.16221899
nsx-python-sdk 2.5.1.0.5.16221899
nsx-vmc-aws-integration-python-sdk 2.5.1.0.5.16221899
nsx-vmc-policy-python-sdk 2.5.1.0.5.16221899
pip 20.2.3
pycparser 2.20
pyOpenSSL 19.1.0
pyvmomi 7.0
PyYAML 5.3.1
requests 2.24.0
setuptools 49.6.0
six 1.15.0
suds-jurko 0.6
urllib3 1.25.10
vapi-client-bindings 3.3.0
vapi-common-client 2.15.0
vapi-runtime 2.15.0
vmc-client-bindings 1.26.0
vmc-draas-client-bindings 1.10.0
vSphere-Automation-SDK 1.32.0
If you don't have the pywinrm module installed, the pip install command can be used.
pip install pywinrm
The winrm get winrm/config command on the Windows machine should return the allowed authentication methods.
Config
Client
Auth
Basic = true
Digest = false
Kerberos = true
Negotiate = true <- this is NTLM
Certificate = true
CredSSP = false
Here is a very simple Python script that will make a connection to a Windows hosting using NTLM and to return the output of the ipconfig /all command.
#!/usr/bin/python3
import sys
import winrm
server = 'server1.example.com'
domain = 'appl'
user = 'JohnDoe'
password = 'itsasecret'
try:
session = winrm.Session(server, auth=('{}@{}'.format(user, domain), password), transport='ntlm')
except Exception as exception:
print(f"winrm.Session raised the following exception: {exception}")
sys.exit()
else:
print(f"Successfully created winrm (Windows Remote) session to {server} as {user}")
command = session.run_cmd('ipconfig', ['/all'])
for line in command.std_out.splitlines():
print(f"stdout line = {line}")
for line in command.std_err.splitlines():
print(f"stderr line = {line}")
If you want to use Kerberos instead of NTLM, you may need to install the following packages.
yum install gcc python-devel krb5-devel krb5-workstation
And you probably will need to use pip install to install the Python Kerberos packages.
pip install pywinrm[kerberos]
pip install pykerberos
The kinit command can be used to get or renew a Kerberos Ticket Granting Ticket (TGT) from the Kerberos Key Distribution Center (KDC).
~]# kinit johndoe@mydomain.example.com
Password for johndoe@mydomain.example.com:
And then the klist command can be used to list your Kerberos ticket.
~]$ klist
Ticket cache: KEYRING:persistent:johndoe:johndoe
Default principal: johndoe@mydomain.example.com
Valid starting Expires Service principal
06/13/2023 03:01:05 06/13/2023 13:01:05 krbtgt/mydomain.example.com@mydomain.example.com
renew until 06/20/2023 03:01:02
subprocess is used to invoke the kinit command to get or renew a Kerberos Ticket Granting Ticket (TGT) from the Kerberos Key Distribution Center (KDC).
And then see if you are able to connect using Kerberos.
#!/usr/bin/python3
import sys
import winrm
server = 'server1.example.com'
domain = 'APL.EXAMPLE.COM'
user = 'JohnDoe'
password = 'itsasecret'
command = "echo "+password+" | kinit "+str(user)+"@"+str(domain)
subprocess.Popen(command, shell=True, stdout=subprocess.PIPE)
try:
session = winrm.Session(server, auth=('{}@{}'.format(user, domain), ''), transport='kerberos')
except Exception as exception:
print(f"winrm.Session raised the following exception: {exception}")
sys.exit()
else:
print(f"Successfully created winrm (Windows Remote) session to {server} as {user}")
Did you find this article helpful?
If so, consider buying me a coffee over at 