> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# PowerShell

> PowerShell is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language.

## Creating a WinRM Connection[​](#creating-a-winrm-connection "Direct link to Creating a WinRM Connection")

To create the connection you will need the following:

* Machine URL
* Account username and password
  * For domain users, make sure to add the domain in the following format: `<domain>\<username>`.
* Authentication certificate (optional) - this is necessary when using an HTTPS endpoint configured with a self-signed certificate

<Note>
  The system will attempt to determine the correct endpoint URL based on the following formats:

  * `windows-host` -> `http://windows-host:5985/wsman`
  * `windows-host:1111` -> `http://windows-host:1111/wsman`
  * `http://windows-host` -> `http://windows-host:5985/wsman`
  * `http://windows-host:1111` -> `http://windows-host:1111/wsman`
  * `http://windows-host:1111/wsman` -> `http://windows-host:1111/wsman`

  If you intend to use an **HTTPS endpoint** (encrypted communications),make sure to use the specified format: `https://<your-ip-or-domain>:<port-number>/wsman`

  For example: `https://windows-host:5986/wsman`
</Note>

### Enabling WinRM on a Remote Host[​](#enabling-winrm-on-a-remote-host "Direct link to Enabling WinRM on a Remote Host")

For Windows Remote Management (WinRM) scripts to function and for the `winrm` command-line tool to perform data operations, WinRM has to be both **installed** and **configured**.

1. Enable WinRM basic authentication

   ```
   # from powershell:Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true
   ```

   ```
   # from cmd:winrm set winrm/config/service/auth @{Basic="true"}
   ```

2. Ensure that WinRM inbound requests are not blocked by the Windows Firewall.

   To allow WinRM requests, follow these steps:

   1. Open Windows Firewall.
   2. Access the advanced options.
   3. Navigate to "Inbound Rules".
   4. Locate and select "Windows Remote Management (HTTP-In)" or "Windows Remote Management (HTTPS-In)", depending on the endpoint you're using.
   5. Go to the "Scope" section.
   6. Add the desired remote IP addresses to allow the WinRM requests.

For more information, follow the [Microsoft Documentation](https://learn.microsoft.com/en-us/windows/win32/winrm/installation-and-configuration-for-windows-remote-management) to create a WinRM client on the target machine.

#### WinRM over HTTP - unencrypted[​](#winrm-over-http---unencrypted "Direct link to WinRM over HTTP - unencrypted")

When communicating over an unencrypted connection, a certificate is not required. Adding one to the connection will not have any impact.

1. Create an HTTP listener by typing the following command:

   ```
   winrm quickconfig
   ```

   The default HTTP port is 5985.

2. Allow unencrypted communications:

   ```
   # from powershell:Set-Item -Path "WSMan:\localhost\Service\AllowUnencrypted" -Value $true
   ```

   ```
   # from cmd:winrm set winrm/config/service @{AllowUnencrypted="true"}
   ```

#### WinRM over HTTPS - encrypted[​](#winrm-over-https---encrypted "Direct link to WinRM over HTTPS - encrypted")

1. The WinRM host must possess a certificate for communication over the HTTPS protocol. You can either obtain or generate a certificate.

2. Once you have obtained or generated the certificate, add it using the Microsoft Management Console.

   <Note>
     * If the certificate was issued by a trusted CA, a public certificate will not be needed in the connection.

     * If the certificate is self-signed, you will need to take one of the following steps to establish trust in the server's certificate:

       * Check the **Ignore Server Certificate Validation** checkbox during connection setup.
       * Include the server's public certificate in the connection setup.
   </Note>

3. Create an HTTPS listener by typing the following command:

   ```
   winrm quickconfig -transport:https
   ```

   The default HTTPS port is 5986.

   For more information, follow the [Microsoft Documentation](https://learn.microsoft.com/en-us/troubleshoot/windows-client/system-management-components/configure-winrm-for-https) - How to configure WINRM for HTTPS.

### Creating your connection[​](#creating-your-connection-1 "Direct link to Creating your connection")

1. In the Blink platform, navigate to the **Connections** page > **Add connection**. A New Connection dialog box opens displaying icons of external service providers available.

2. Select the **WinRM** icon. A dialog box with name of the connection and connection methods appears.

3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.

4. Select **WinRM** as the method to create the connection.

5. Fill in the parameters:

   * (Optional) The *URL* to your machine. Do not include the protocol in this field. If left empty, the URL must be specified in the parameters of the [Run Command Over WinRM](/docs/integrations/powershell/actions/run-command-over-winrm) action. This enables reusing connection details to different hosts or to a location only known at runtime.
   * The *Username* of an account on the machine authorized to use WinRM
   * The *Password* to the account authorized to use WinRM
   * Whether to validate the server's certificate or not.
   * The *certificate* (optional).

6. (Optional) Click **Test Connection** to test it.

7. Click **Create connection**. The new connection appears on the **Connections** page.
