or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

auth-security.mdexceptions.mdindex.mdprotocol.mdresponse.mdsession.md

session.mddocs/

0
# Session Interface
1


2
High-level interface for executing commands and PowerShell scripts on remote Windows machines. The Session class provides automatic shell management, simplified error handling, and the most convenient API for typical WinRM usage scenarios.
3


4
## Capabilities
5


6
### Session Creation
7


8
Creates a WinRM session to a target Windows host with authentication and transport configuration.
9


10
```python { .api }
11
class Session:
12
    def __init__(
13
        self, 
14
        target: str, 
15
        auth: tuple[str, str], 
16
        **kwargs
17
    ):
18
        """
19
        Create WinRM session to target host.
20
        
21
        Parameters:
22
        - target: Windows host (hostname, IP, or URL)
23
        - auth: (username, password) tuple
24
        - transport: authentication method ("plaintext", "ssl", "ntlm", "kerberos", "credssp", "basic", "certificate")
25
        - server_cert_validation: "validate" or "ignore" (default: "validate")
26
        - ca_trust_path: CA certificate path or "legacy_requests" (default: "legacy_requests")
27
        - cert_pem: client certificate file path (for certificate auth)
28
        - cert_key_pem: client certificate key file path (for certificate auth)
29
        - read_timeout_sec: HTTP read timeout in seconds (default: 30)
30
        - operation_timeout_sec: WinRM operation timeout in seconds (default: 20)
31
        - kerberos_delegation: enable Kerberos delegation (default: False)
32
        - kerberos_hostname_override: override hostname for Kerberos (optional)
33
        - message_encryption: "auto", "always", or "never" (default: "auto")
34
        - proxy: proxy configuration or "legacy_requests" (default: "legacy_requests")
35
        """
36
```
37


38
The target parameter supports flexible URL formats:
39
- `windows-host``http://windows-host:5985/wsman`
40
- `windows-host:1111``http://windows-host:1111/wsman`
41
- `http://windows-host``http://windows-host:5985/wsman`
42
- `http://windows-host:1111/wsman``http://windows-host:1111/wsman`
43


44
### Command Execution
45


46
Execute Windows batch commands with arguments and receive structured output.
47


48
```python { .api }
49
def run_cmd(
50
    self, 
51
    command: str, 
52
    args: collections.abc.Iterable[str | bytes] = ()
53
) -> Response:
54
    """
55
    Execute a command on the remote Windows host.
56
    
57
    Parameters:
58
    - command: command to execute (e.g., 'ipconfig', 'dir', 'powershell')
59
    - args: command arguments as iterable of strings or bytes
60
    
61
    Returns:
62
    Response object with std_out, std_err, and status_code
63
    
64
    Example:
65
    r = session.run_cmd('ipconfig', ['/all'])
66
    r = session.run_cmd('dir', ['C:\\', '/w'])
67
    """
68
```
69


70
**Usage Example:**
71


72
```python
73
import winrm
74


75
s = winrm.Session('192.168.1.100', auth=('Administrator', 'password'))
76


77
# Simple command
78
r = s.run_cmd('hostname')
79
print(r.std_out.decode('utf-8'))
80


81
# Command with arguments
82
r = s.run_cmd('dir', ['C:\\Windows', '/b'])
83
if r.status_code == 0:
84
    files = r.std_out.decode('utf-8').strip().split('\n')
85
    print(f"Found {len(files)} items")
86
```
87


88
### PowerShell Script Execution
89


90
Execute PowerShell scripts with automatic base64 UTF-16LE encoding and CLIXML error processing.
91


92
```python { .api }
93
def run_ps(self, script: str) -> Response:
94
    """
95
    Execute PowerShell script on remote host.
96
    
97
    The script is automatically encoded in base64 UTF-16LE format
98
    and executed using 'powershell -encodedcommand'. CLIXML error
99
    messages are automatically cleaned and made human-readable.
100
    
101
    Parameters:
102
    - script: PowerShell script as string
103
    
104
    Returns:
105
    Response object with processed output and errors
106
    
107
    Example:
108
    script = "Get-Process | Where-Object {$_.CPU -gt 100}"
109
    r = session.run_ps(script)
110
    """
111
```
112


113
**Usage Example:**
114


115
```python
116
# System information script
117
ps_script = """
118
$computer = Get-ComputerInfo
119
[PSCustomObject]@{
120
    'Computer' = $computer.CsName
121
    'OS' = $computer.WindowsProductName
122
    'Version' = $computer.WindowsVersion
123
    'Memory' = [math]::Round($computer.CsTotalPhysicalMemory / 1GB, 2)
124
}
125
"""
126


127
r = s.run_ps(ps_script)
128
if r.status_code == 0:
129
    print("System Info:", r.std_out.decode('utf-8'))
130
else:
131
    print("Error:", r.std_err.decode('utf-8'))
132


133
# Service management
134
service_script = """
135
Get-Service | Where-Object {$_.Status -eq 'Running'} | 
136
Select-Object Name, DisplayName, Status | ConvertTo-Json
137
"""
138


139
r = s.run_ps(service_script)
140
```
141


142
### Internal URL Building
143


144
Utility method for constructing WinRM endpoint URLs from various target formats.
145


146
```python { .api }
147
@staticmethod
148
def _build_url(target: str, transport: str) -> str:
149
    """
150
    Build WinRM endpoint URL from target specification.
151
    
152
    Handles various target formats and adds appropriate defaults
153
    based on transport type (SSL/HTTP ports, wsman path).
154
    
155
    Parameters:
156
    - target: target specification (hostname, IP, or partial URL)
157
    - transport: transport type affecting default ports
158
    
159
    Returns:
160
    Complete WinRM endpoint URL
161
    """
162
```
163


164
## Transport Configuration
165


166
### Authentication Methods
167


168
- **plaintext**: HTTP without encryption (default, port 5985)
169
- **ssl**: HTTPS transport (port 5986)
170
- **basic**: HTTP Basic authentication
171
- **ntlm**: NTLM authentication with optional message encryption
172
- **kerberos**: Kerberos authentication (requires `pywinrm[kerberos]`)
173
- **credssp**: CredSSP authentication (requires `pywinrm[credssp]`)
174
- **certificate**: Client certificate authentication
175


176
### Secure Transport Example
177


178
```python
179
# NTLM with encryption
180
s = winrm.Session(
181
    'windows-host.domain.com',
182
    auth=('domain\\user', 'password'),
183
    transport='ntlm',
184
    message_encryption='always'
185
)
186


187
# Kerberos authentication
188
s = winrm.Session(
189
    'windows-host.domain.com',
190
    auth=('user@DOMAIN.COM', 'password'),
191
    transport='kerberos',
192
    kerberos_delegation=True
193
)
194


195
# SSL with custom certificate validation
196
s = winrm.Session(
197
    'https://windows-host:5986/wsman',
198
    auth=('user', 'password'),
199
    transport='ssl',
200
    server_cert_validation='ignore'  # Only for testing
201
)
202
```