Using WinRM and pywinrm for Remote Command Execution on Windows from Linux/macOS

1. Controlled Windows Host

Many enterprises repurpose idle Windows machines as temporary servers and need to invoke programs or view log files remotely. The built‑in Windows service winrm satisfies this requirement; it is a firewall‑friendly protocol based on the Simple Object Access Protocol (SOAP).

Official documentation: https://docs.microsoft.com/en-us/windows/win32/winrm/portal

1‑1 Start the winrm service

# Start winrm service
winrm quickconfig -q

If an error about network type appears, change the network profile from Public to Private (Win+I → Network & Internet).

1‑2 Check winrm listener status

# View winrm listener status
winrm e winrm/config/listener

# Sample output
Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = **

1‑3 View winrm configuration (optional)

# All configuration
winrm get winrm/config

# Client configuration
winrm get winrm/config/client

# Service configuration
winrm get winrm/config/service

1‑4 Configure winrm client

# Allow unencrypted traffic
winrm set winrm/config/client @{AllowUnencrypted="true"}

# Trust all hosts
winrm set winrm/config/client @{TrustedHosts="*"}

# Enable basic authentication
winrm set winrm/config/client/auth @{Basic="true"}

1‑5 Configure winrm service

# Allow unencrypted traffic for the service
winrm set winrm/config/service @{AllowUnencrypted="true"}

# Enable basic authentication for the service
winrm set winrm/config/service/auth @{Basic="true"}

2. Controlling Side

On the controlling machine (Linux or macOS), install the Python package pywinrm :

# Install pywinrm
pip3 install pywinrm

3. Practical Example

After the preparation above, you can write Python code to control the Windows host. You need the IP address, port, username, and password.

# Connect to Windows
import winrm

# Example session (replace with actual values)
session = winrm.Session("192.168.x.x:5985", auth=('username', 'password'), transport='ntlm')

# Function to execute a command and return its output
def exec_cmd(self, cmd):
    """Execute a cmd command and get the return value"""
    result = self.session.run_cmd(cmd)
    code = result.status_code
    content = result.std_out if code == 0 else result.std_err
    try:
        output = content.decode('utf8')
    except:
        output = content.decode('GBK')
    print(output)
    return output

# Example: view a log file on D:\py\log\trade.log
log_output = exec_cmd(session, 'D: & cd py\log & type trade.log')
print(log_output)

The run_cmd and run_ps methods can simulate CMD or PowerShell input, allowing you to execute arbitrary commands, run batch files, or retrieve file contents.

4. Summary

Beyond remotely viewing Windows files, WinRM combined with pywinrm enables execution of batch scripts, simulation of command‑line interactions, and further automation based on command return values.