Forge Home

winrm

Module for configuring and managing Windows WinRM configurations

3,459 downloads

1,958 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.2.1 (latest)
  • 0.2.0
  • 0.1.2
  • 0.1.1
released Dec 16th 2020
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'encore-winrm', '0.2.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add encore-winrm
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install encore-winrm --version 0.2.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

encore/winrm — version 0.2.1 Dec 16th 2020

WinRM module for Puppet

Build Status Puppet Forge Version Puppet Forge Downloads Puppet Forge Score Puppet PDK Version puppetmodule.info docs

Table of Contents

  1. Description - What the module does and why it is useful
  2. Setup - The basics of getting started with winrm
  3. Usage - Configuration options and additional functionality
  4. Reference - Parameters and explanations

Module Description

This module configures and maintains the WinRM configurations on a Windows system.

Setup requirements

You need to be running powershell 4 or greater for this module to work correctly.

Usage

Basic usage:

class { 'winrm': }

Advanced configuration WinRM on Windows servers:

class { 'winrm':
  allow_unencrypted_enable                 => false,
  auth_basic_enable                        => false,
  auth_credssp_enable                      => false,
  auth_kerberos_enable                     => true,
  auth_negotiate_enable                    => true,
  cert_validity_days                       => 1095,
  execution_policy                         => 'RemoteSigned',
  http_listener_enable                     => false,
  https_listener_enable                    => true,
  local_account_token_filter_policy_enable => true,
  skip_network_profile_check               => false,
}

Firewall usage:

class { 'winrm::config::firewall':
  http_listener_enable  => false,
  https_listener_enable => true,
}

Reference

Parameters

allow_unencrypted_enable

Is unencrypted traffic allowed? Default is false.

class { 'winrm::config::allow_unencrypted':
  allow_unencrypted_enable => false,
}

Auth

auth_basic_enable

Is Basic Authentication allowed? Default is false

auth_credssp_enable

Is CredSSP Authentication allowed? Default is false

auth_kerberos_enable

Is Kerberos Authentication allowed? Default is true

auth_negotiate_enable

Is Negotiate Authentication allowed? Default is true

class { 'winrm::config::auth':
  auth_basic_enable     => false,
  auth_credssp_enable   => false,
  auth_kerberos_enable  => true,
  auth_negotiate_enable => true,
}

execution_policy

Server execution policy to follow. Available options are: 'AllSigned', 'Bypass', 'RemoteSigned', 'Restricted', 'Undefined', 'Unrestricted' Defualt is RemoteSigned

class { 'winrm::config::execution_policy':
  execution_policy => 'RemoteSigned',
}

http_listener_enable

Should winrm be listening for http connections. Defialt is false

class { 'winrm::config::listener::http':
  http_listener_enable => false,
}

https_listener_enable

Should winrm be listening for https connections. Defialt is true

certificate_hash

If not using a Self Signed Certificate then this hash can be passed in and used for the HTTPs/SSL listener. When specify a custom certificate, you must also specify cert_common_name that matches the subject/common name in the certificate.

class { 'winrm::config::listener::https':
  https_listener_enable => true,
  certificate_hash      => 'ABCDEF123456890',
  cert_common_name      => 'hostname.domain.tld',
}

cert_validity_days

Length of time in days the Self Signed certificate is good for. Default is 1095

class { 'winrm::config::listener::https':
  cert_validity_days    => 1095,
  certificate_hash      => 'test cert hash',
  https_listener_enable => true,
}

cert_common_name

Common name of the self-signed or custom bound certificate. If you specify a custom certificate_hash, the CN (Common Name) in that certificate MUST match this value, otherwise the cert binding will not work.

local_account_token_filter_policy_enable

If LocalAccountTokenFilterPolicy should be enabled? Default is true

class { 'winrm::config::localaccounttokenfilter':
  local_account_token_filter_policy_enable => true,
}

skip_network_profile_check

If Enable-PSRemoting should skip the network profile check. Default is false

class { 'winrm::config::ps_remoting':
  skip_network_profile_check => false,
}