Execute Remote Commands using WinRM

Execute a list of commands on remote servers in an agentless fashion (WinRM with multi-hop support)


This plugin enables the CA Automic platform to perform actions on a remote server in an agentless fashion.

The action pack is made of a single action based on WinRM and PowerShell which gives you the ability to execute multiple commands remotely. This action will be executed on a Windows server (the client) that has access over the network to the remote managed server(s).

However there are few prerequisites around the Windows security when doing WinRM actions.

First of all ensure WinRM has been configured and the Windows Remote Management (WS-Management) service is running on the client server as well as all remote servers.

An easy way to quickly configure WinRM is using the command "winrm quickconfig"

The action also supports multi-hop feature where the delegation of user credentials is required.

In this case the action uses the Credential Security Service Provider (CredSSP) for authentication and delegation.

To do so you need to enforce the Windows policies (gpedit.msc) as per below.

On the client server verify the following items :

  • Launch gpedit.msc
  • Go to 'Computer Configuration / Administrative Templates / Windows Components / Windows Remote Management (WinRM) / WinRM Client'
    • Enable 'Allow CredSSP authentication'
  • Go to 'Computer Configuration / Administrative Templates / System / Credentials Delegation'
    • Enable 'Allow Delegating Fresh Credentials' and add wsman/ to the servers list (or wsman/* for all servers)
    • Only if Kerberos is deactivated between the client and the remote server - Enable 'Allow Delegating Fresh Credentials with NTLM-only Server Authentication' and add wsman/ to the servers list (or wsman/* for all servers)

On the remote server(s) :

  • Launch gpedit.msc
  • Go to 'Computer Configuration / Administrative Templates / Windows Components / Windows Remote Management (WinRM) / WinRM Service'
    • Enable 'Allow CredSSP authentication'

Further details can be found at the following URL :

https://msdn.microsoft.com/en-us/library/ee309365(v=vs.85).aspx

The action pack contains the single action "Run Commands" which triggers sequentially all the commands passed in the input parameters.

No content available.
Please log in using your Broadcom account to download this plugin.
Please log in using your Broadcom account to download this plugin.
Products Continuous Delivery Automation, Continuous Delivery Automation, Workload Automation, Automic Automation
Versions 12.x, 12.1
Operating Systems Windows
Last update 2018-05-02 11:46:40.0
Supported by
Community Source execute-remote-commands-using-winrm

Broadcom does not support, maintain or warrant Solutions, Templates, Actions and any other content published on the Community and is subject to Broadcom Community Terms and Conditions.