winrm

pdk
Module for configuring and managing Windows WinRM configurations
Encore Technologies

Encore Technologies

encore

901 downloads

883 latest version

5.0 quality score

Version information

  • 0.1.2 (latest)
  • 0.1.1
released Jun 10th 2020
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0
  • windows

Start using this module

Documentation

encore/winrm — version 0.1.2 Jun 10th 2020

WinRM module for Puppet

Build Status Puppet Forge Version Puppet Forge Downloads Puppet Forge Score Puppet PDK Version puppetmodule.info docs

Table of Contents

  1. Description - What the module does and why it is useful
  2. Setup - The basics of getting started with winrm
  3. Usage - Configuration options and additional functionality
  4. Reference - Parameters and explanations

Module Description

This module configures and maintains the WinRM configurations on a Windows system.

Setup requirements

You need to be running powershell 4 or greater for this module to work correctly.

Usage

Basic usage:

class { 'winrm': }

Advanced configuration WinRM on Windows servers:

class { 'winrm':
  allow_unencrypted_enable                 => false,
  auth_basic_enable                        => false,
  auth_credssp_enable                      => false,
  auth_kerberos_enable                     => true,
  auth_negotiate_enable                    => true,
  cert_validity_days                       => 1095,
  execution_policy                         => 'RemoteSigned',
  http_listener_enable                     => false,
  https_listener_enable                    => true,
  local_account_token_filter_policy_enable => true,
  skip_network_profile_check               => false,
}

Firewall usage:

class { 'winrm::config::firewall':
  http_listener_enable  => false,
  https_listener_enable => true,
}

Reference

Parameters

allow_unencrypted_enable

Is unencrypted traffic allowed? Default is false.

class { 'winrm::config::allow_unencrypted':
  allow_unencrypted_enable => false,
}

Auth

auth_basic_enable

Is Basic Authentication allowed? Default is false

auth_credssp_enable

Is CredSSP Authentication allowed? Default is false

auth_kerberos_enable

Is Kerberos Authentication allowed? Default is true

auth_negotiate_enable

Is Negotiate Authentication allowed? Default is true

class { 'winrm::config::auth':
  auth_basic_enable     => false,
  auth_credssp_enable   => false,
  auth_kerberos_enable  => true,
  auth_negotiate_enable => true,
}

execution_policy

Server execution policy to follow. Available options are: 'AllSigned', 'Bypass', 'RemoteSigned', 'Restricted', 'Undefined', 'Unrestricted' Defualt is RemoteSigned

class { 'winrm::config::execution_policy':
  execution_policy => 'RemoteSigned',
}

http_listener_enable

Should winrm be listening for http connections. Defialt is false

class { 'winrm::config::listener::http':
  http_listener_enable => false,
}

https_listener_enable

Should winrm be listening for https connections. Defialt is true

certificate_hash

If not using a Self Signed Certificate then this hash can be passed in and used for the HTTPs/SSL listener

cert_validity_days

Length of time in days the Self Signed certificate is good for. Default is 1095

class { 'winrm::config::listener::https':
  cert_validity_days    => 1095,
  certificate_hash      => 'test cert hash',
  https_listener_enable => true,
}

local_account_token_filter_policy_enable

If LocalAccountTokenFilterPolicy should be enabled? Default is true

class { 'winrm::config::localaccounttokenfilter':
  local_account_token_filter_policy_enable => true,
}

skip_network_profile_check

If Enable-PSRemoting should skip the network profile check. Default is false

class { 'winrm::config::ps_remoting':
  skip_network_profile_check => false,
}