Windows Remote Shell and Server Core

Time for another installment about Server Core…..every two weeks seems about right. When new builds are released and there is more to discuss I’ll try to post more frequently.

 

Vista and Longhorn Server include the WS-Management protocol that was first introduced in Windows Server 2003 R2. Starting with Vista/Longhorn Beta 2, there is a new tool that can be used to remotely execute command line tools and scripts: Windows Remote Shell (WinRS.exe). This is a very handy way to administer Server Core if you just need to run a quick command, or if you want to script up some commands and execute them across a bunch of servers.

 

There are two pieces to this, the server side and the client side

 

Server Side Configuration

Before you can use WinRS to remotely manage a server, you need to first configure it with a WS-Management listener. From the command line you can run:

   WinRM quickconfig

 

Winrm /? Will show you all the various options if you want to configure the listener differently. I’m just going to cover the quick setup and let you all experiment.

 

You can also configure the listener through an unattend file, by adding the following in the <settings pass="specialize"> section:

<component name="Microsoft-Windows-Web-Services-for-Management-Core" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" processorArchitecture="x86">

   <ConfigureWindowsRemoteManagement>true</ConfigureWindowsRemoteManagement>

</component>

 

The Client Side

Once you have a box with a listener configured, you can then use WinRS.exe on another Vista/Longhorn box to remotely execute commands and scripts. Running WinRS with a /? Will show you all the options for how to connect as well as some examples.

 

How it Works

When you use WinRS to execute a command, the request is sent to the listener on the remote box. A command prompt is then launched, the command is executed, the reulsts are captured, the command prompt is closed, and the results are returned to the original box and displayed. You can create secure connections, specify credentials other then those of the logged on user, etc. I won’t go into the security details since there are so many possiblities, looking at the help for both should reveal most of it.

 

Currently any commands you execute can’t be interactive or prompt for input. WinRS just executes what you specify and returns the results. Therefore, if you are using something like netsh, you need to include the full command string to execute.

 

Using Windows Remote Shell

One way you could use WinRS is to setup the listener in an unattend file and use WInRS to remotely configure and mange the rest of the settings in Server Core. With the listener enabled, if you need, you could remotely enable TS remote admin mode by running:

   winrs -r:myserver cscript \windows\system32\scregedit.wsf /ar 0

 

You could also use WinRS to join a domain and add the domain admin to the local admin group, using the following commands:

   winrs -r:myserver netdom add myserver /domain:testdomain /userd:administrator /passwordd:<password>

   

   winrs -r:myserver net localgroup administrators testdomain\administrator /add

 

Till next time,

 

Andrew