Technical overview > Windows Inventory from Non-Windows Runners

The Windows Python Zero Touch inventory method enables cross-platform inventory collection, allowing non-Windows runners (such as Linux) to perform agentless inventory scans of Windows devices. This capability extends the flexibility of Raynet One by enabling Windows inventory operations from diverse runner environments.

Overview

This inventory method combines Python with Windows Remote Management (WinRM) to establish secure communication channels between non-Windows runners and Windows target systems. The implementation leverages:

•Python scripting: Provides cross-platform execution capabilities and protocol handling

•PyWinRM library: Implements the Windows Remote Management protocol for remote command execution

•WSMan (Web Services-Management): Standard protocol for remote management of Windows systems

•SMB file transfer: Enables file operations and data collection from Windows file systems

Key Features

Cross-Platform Capability

Non-Windows runners (particularly Linux-based systems) can perform comprehensive Windows inventory operations without requiring a Windows runner in the network segment.

Agentless Architecture

No software installation is required on target Windows systems beyond enabling WinRM, which is a native Windows feature.

Comprehensive Inventory Data

The method collects extensive system information including:

•Hardware configuration (processors, memory, storage)

•Operating system details and configuration

•Installed software and applications

•Network adapters and configuration

•Windows services and processes

•Registry information

•Windows Management Instrumentation (WMI) data

•Docker containers (if Docker is installed)

Prerequisites

To use this inventory method, ensure the following prerequisites are met:

Runner Requirements

•Non-Windows runner: A Linux or Unix-based runner with Python support installed and configured in Raynet One

•Python environment: Python runtime with PyWinRM library support (typically provided through the runner's Docker image)

•Network connectivity: The runner must have network access to target Windows systems

Windows Target Requirements

•WinRM enabled: Windows Remote Management must be enabled on target systems

•Firewall configuration: Ports 5985 (HTTP) and/or 5986 (HTTPS) must be accessible for WinRM communication

•SMB access: Port 445 must be open for SMB file transfer operations

•Authentication: Appropriate authentication mechanisms configured (Basic, Kerberos, or NTLM)

Credentials

•Administrative credentials: Domain or local administrator account with appropriate permissions on target Windows systems

•WinRM permissions: User must be authorized for WinRM remote management operations

•File system access: Credentials must have read access to system directories and registry

Enabling WinRM on Windows Targets

Windows Remote Management must be properly configured on target systems before inventory can be performed. The following steps outline the basic WinRM configuration:

Quick Configuration

On the Windows target system, open an elevated PowerShell prompt and execute:

Enable-PSRemoting -Force

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force

This enables WinRM with default settings suitable for most environments.

Secure HTTPS Configuration

For production environments, HTTPS configuration is recommended:

winrm quickconfig -transport:https

Note that HTTPS configuration requires a valid SSL certificate on the target system.

Using the Windows Python Inventory Method

The Windows Python Zero Touch inventory method is automatically available when using non-Windows runners for Windows device inventory. The platform detects the runner type and selects the appropriate inventory plugin.

Configuration:

1.Ensure your non-Windows runner is properly installed and authorized

2.Configure Windows credentials in Raynet One with appropriate permissions

3.Verify WinRM is enabled on target Windows systems

4.Create an inventory job targeting Windows devices and select your non-Windows runner

The platform automatically uses the Windows Python Zero Touch plugin when a non-Windows runner is assigned to inventory Windows targets.

Technical Architecture

The Windows Python inventory implementation consists of several integrated components:

•Python executor: Manages Python script execution and handles communication with Windows targets via PyWinRM

•Command-line interface: Executes remote commands on Windows systems and retrieves results

•Registry query engine: Reads Windows registry remotely to collect system configuration and installed software information

•WMI query processor: Executes Windows Management Instrumentation queries for hardware and system information

•SMB file transfer: Handles file operations including reading configuration files and collecting log data

•Docker scanner: Detects and inventories Docker containers running on Windows systems

Comparison with Windows Zero Touch

While both methods provide agentless Windows inventory, they differ in their execution environments and protocols:

Feature	Windows Zero Touch	Windows Python Inventory
Runner Platform	Windows	Linux/Unix
Primary Protocol	DCOM/RPC, WMI	WinRM (WSMan)
Implementation	.NET/C#	Python/PyWinRM

Both methods collect comprehensive inventory data and support similar inventory depths. The choice between them depends primarily on the available runner platform in your environment.

Troubleshooting

Common Issues:

Connection Failures:

•Verify WinRM is enabled on target systems

•Check firewall rules allow WinRM ports (5985/5986)

•Ensure network connectivity between runner and targets

Authentication Errors:

•Verify credentials have administrative privileges on targets

•Check WinRM authentication configuration matches credential type

•Ensure user is authorized for WinRM remote management

Incomplete Inventory Data:

•Verify credentials have full administrative rights

•Check file system and registry permissions

•Review job logs for specific permission errors

Windows Inventory from Non-Windows Runners