PowerShell

PowerShell is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language.

Creating a WMI Connection

To create the connection you need:

• A machine URL
• An account username and password
• A Windows share

Obtaining the credentials

Connecting over the Windows Management Instrumentation protocol requires WMI set up for a user on the machine.

Follow the Microsoft Documentation to create a WMI client on the target machine.

Creating your connection

1. In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
2. Select the WMI icon. A dialog box with name of the connection and connection methods appears.
3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
4. Select WMI as the method to create the connection.
5. Fill in the parameters:
   • (Optional) The URL to your machine. Do not include the protocol in this field. If left empty, the URL must be specified in the parameters of the Run Command Over WMI action. This enables reusing connection details to different hosts or to a location only known at runtime.
   • The Username of an account on the machine authorized to use WMI
   • The Password to the account authorized to use WMI
   • Which authorization Share the WMI session should have access to
6. (Optional) Click Test Connection to test it.
7. Click Create connection. The new connection appears on the Connections page.

Creating a WinRM Connection

To create the connection you will need the following:

• Machine URL
• Account username and password
  • For domain users, make sure to add the domain in the following format: <domain>\<username>.
• Authentication certificate (optional) - this is necessary when using an HTTPS endpoint configured with a self-signed certificate

note

The system will attempt to determine the correct endpoint URL based on the following formats:

• windows-host -> http://windows-host:5985/wsman
• windows-host:1111 -> http://windows-host:1111/wsman
• http://windows-host -> http://windows-host:5985/wsman
• http://windows-host:1111 -> http://windows-host:1111/wsman
• http://windows-host:1111/wsman -> http://windows-host:1111/wsman

If you intend to use an HTTPS endpoint (encrypted communications),
make sure to use the specified format: https://<your-ip-or-domain>:<port-number>/wsman

For example: https://windows-host:5986/wsman

Enabling WinRM on a Remote Host

For Windows Remote Management (WinRM) scripts to function and for the winrm command-line tool to perform data operations, WinRM has to be both installed and configured.

1. Enable WinRM basic authentication

   # from powershell:
   Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true

   # from cmd:
   winrm set winrm/config/service/auth @{Basic="true"}

2. Ensure that WinRM inbound requests are not blocked by the Windows Firewall.

   To allow WinRM requests, follow these steps:

   1. Open Windows Firewall.
   2. Access the advanced options.
   3. Navigate to "Inbound Rules".
   4. Locate and select "Windows Remote Management (HTTP-In)" or "Windows Remote Management (HTTPS-In)", depending on the endpoint you're using.
   5. Go to the "Scope" section.
   6. Add the desired remote IP addresses to allow the WinRM requests.

For more information, follow the Microsoft Documentation to create a WinRM client on the target machine.

WinRM over HTTP - unencrypted

When communicating over an unencrypted connection, a certificate is not required. Adding one to the connection will not have any impact.

1. Create an HTTP listener by typing the following command:

   winrm quickconfig

   The default HTTP port is 5985.

2. Allow unencrypted communications:

   # from powershell:
   Set-Item -Path "WSMan:\localhost\Service\AllowUnencrypted" -Value $true

   # from cmd:
   winrm set winrm/config/service @{AllowUnencrypted="true"}

WinRM over HTTPS - encrypted

1. The WinRM host must possess a certificate for communication over the HTTPS protocol. You can either obtain or generate a certificate.

2. Once you have obtained or generated the certificate, add it using the Microsoft Management Console.

   note

   • If the certificate was issued by a trusted CA, a public certificate will not be needed in the connection.
   • If the certificate is self-signed, you will need to take one of the following steps to establish trust in the server's certificate:
     • Check the Ignore Server Certificate Validation checkbox during connection setup.
     • Include the server's public certificate in the connection setup.

3. Create an HTTPS listener by typing the following command:

   winrm quickconfig -transport:https

   The default HTTPS port is 5986.

   For more information, follow the Microsoft Documentation - How to configure WINRM for HTTPS.

Creating your connection

1. In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
2. Select the WinRM icon. A dialog box with name of the connection and connection methods appears.
3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
4. Select WinRM as the method to create the connection.
5. Fill in the parameters:
   • (Optional) The URL to your machine. Do not include the protocol in this field. If left empty, the URL must be specified in the parameters of the Run Command Over WinRM action. This enables reusing connection details to different hosts or to a location only known at runtime.
   • The Username of an account on the machine authorized to use WinRM
   • The Password to the account authorized to use WinRM
   • Whether to validate the server's certificate or not.
   • The certificate (optional).
6. (Optional) Click Test Connection to test it.
7. Click Create connection. The new connection appears on the Connections page.