Windows Remote Management (WinRM)


To authenticate with discovered Windows hosts, Puppet Discovery uses NTLM authentication over HTTPS on port 5986. When enabled, Puppet Discovery fallbacks to using NTLM authentication over HTTP on port 5985, if the default authentication fails.

To discover resources on your Windows hosts, you must enable WinRM access on each host by running the following commands:

winrm quickconfig
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}'
CAUTION: To enable the HTTP fallback option (see step 6 below), include the winrm set winrm/config/service '@{AllowUnencrypted="true"}' command. This means that all Puppet Discovery commands and responses, not including credentials, are sent in plaintext over the network.
Important: Your Windows user account must be a member of either the local administrator group or the WinRMRemoteWMIUsers_ group. For more information, see Default Group Access.

Adding WinRM credentials

  1. Select Settings > Add credentials, and then click WinRM credential.
  2. In the Name field, enter a unique and descriptive name.
  3. Assign an individual scope, or both, to the WinRM credential:
    • Discover data on hosts: This credential scope is valid only for discovering resources on your Windows hosts.

    • Run tasks on target hosts: This credential is valid only for running tasks on your Windows hosts. No attempts are made to discover resources.

  4. In the Username field, enter your WinRM username.
  5. In the Password field, enter your WinRM password.
  6. Select HTTP fallback to permit using NTLM authentication over HTTP, if the default NTLM authentication over HTTPS fails.
  7. Click Add credential.
How helpful was this page?
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.