RubyGems - knife-windows - Versions diffs - 1.0.0.rc.1 → 1.0.0.rc.2 - Mend

knife-windows 1.0.0.rc.1 → 1.0.0.rc.2

Files changed (50) hide show

checksums.yaml +4 -4
data/.gitignore +5 -5
data/.travis.yml +20 -20
data/CHANGELOG.md +75 -74
data/DOC_CHANGES.md +323 -323
data/Gemfile +12 -12
data/LICENSE +201 -201
data/README.md +393 -292
data/RELEASE_NOTES.md +79 -74
data/Rakefile +21 -16
data/appveyor.yml +42 -42
data/ci.gemfile +15 -15
data/features/knife_help.feature +20 -20
data/features/support/env.rb +5 -5
data/knife-windows.gemspec +28 -28
data/lib/chef/knife/bootstrap/windows-chef-client-msi.erb +247 -241
data/lib/chef/knife/bootstrap_windows_base.rb +388 -368
data/lib/chef/knife/bootstrap_windows_ssh.rb +110 -110
data/lib/chef/knife/bootstrap_windows_winrm.rb +102 -113
data/lib/chef/knife/core/windows_bootstrap_context.rb +361 -362
data/lib/chef/knife/knife_windows_base.rb +33 -0
data/lib/chef/knife/windows_cert_generate.rb +155 -155
data/lib/chef/knife/windows_cert_install.rb +68 -68
data/lib/chef/knife/windows_helper.rb +36 -36
data/lib/chef/knife/windows_listener_create.rb +107 -107
data/lib/chef/knife/winrm.rb +212 -191
data/lib/chef/knife/winrm_base.rb +118 -125
data/lib/chef/knife/winrm_knife_base.rb +218 -201
data/lib/chef/knife/winrm_session.rb +80 -71
data/lib/chef/knife/winrm_shared_options.rb +47 -47
data/lib/chef/knife/wsman_endpoint.rb +44 -44
data/lib/chef/knife/wsman_test.rb +96 -96
data/lib/knife-windows/path_helper.rb +234 -234
data/lib/knife-windows/version.rb +6 -6
data/spec/assets/win_template_rendered_with_bootstrap_install_command.txt +217 -0
data/spec/assets/win_template_rendered_without_bootstrap_install_command.txt +329 -0
data/spec/assets/win_template_unrendered.txt +246 -0
data/spec/functional/bootstrap_download_spec.rb +216 -140
data/spec/spec_helper.rb +87 -72
data/spec/unit/knife/bootstrap_options_spec.rb +146 -146
data/spec/unit/knife/bootstrap_template_spec.rb +92 -92
data/spec/unit/knife/bootstrap_windows_winrm_spec.rb +240 -161
data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +151 -101
data/spec/unit/knife/windows_cert_generate_spec.rb +90 -90
data/spec/unit/knife/windows_cert_install_spec.rb +51 -51
data/spec/unit/knife/windows_listener_create_spec.rb +76 -76
data/spec/unit/knife/winrm_session_spec.rb +55 -46
data/spec/unit/knife/winrm_spec.rb +504 -376
data/spec/unit/knife/wsman_test_spec.rb +175 -175
metadata +28 -8

data/Gemfile CHANGED Viewed

@@ -1,12 +1,12 @@
-source "https://rubygems.org"
-# Specify your gem's dependencies in knife-windows.gemspec
-gemspec
-group :test do
-  gem "chef"
-  gem "rspec", '~> 3.0'
-  gem "ruby-wmi"
-  gem "httpclient"
-  gem 'rake'
-end
+source "https://rubygems.org"
+# Specify your gem's dependencies in knife-windows.gemspec
+gemspec
+group :test do
+  gem "chef"
+  gem "rspec", '~> 3.0'
+  gem "ruby-wmi"
+  gem "httpclient"
+  gem 'rake'
+end

data/LICENSE CHANGED Viewed

@@ -1,201 +1,201 @@
-                              Apache License
-                        Version 2.0, January 2004
-                     http://www.apache.org/licenses/
-TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-1. Definitions.
-   "License" shall mean the terms and conditions for use, reproduction,
-   and distribution as defined by Sections 1 through 9 of this document.
-   "Licensor" shall mean the copyright owner or entity authorized by
-   the copyright owner that is granting the License.
-   "Legal Entity" shall mean the union of the acting entity and all
-   other entities that control, are controlled by, or are under common
-   control with that entity. For the purposes of this definition,
-   "control" means (i) the power, direct or indirect, to cause the
-   direction or management of such entity, whether by contract or
-   otherwise, or (ii) ownership of fifty percent (50%) or more of the
-   outstanding shares, or (iii) beneficial ownership of such entity.
-   "You" (or "Your") shall mean an individual or Legal Entity
-   exercising permissions granted by this License.
-   "Source" form shall mean the preferred form for making modifications,
-   including but not limited to software source code, documentation
-   source, and configuration files.
-   "Object" form shall mean any form resulting from mechanical
-   transformation or translation of a Source form, including but
-   not limited to compiled object code, generated documentation,
-   and conversions to other media types.
-   "Work" shall mean the work of authorship, whether in Source or
-   Object form, made available under the License, as indicated by a
-   copyright notice that is included in or attached to the work
-   (an example is provided in the Appendix below).
-   "Derivative Works" shall mean any work, whether in Source or Object
-   form, that is based on (or derived from) the Work and for which the
-   editorial revisions, annotations, elaborations, or other modifications
-   represent, as a whole, an original work of authorship. For the purposes
-   of this License, Derivative Works shall not include works that remain
-   separable from, or merely link (or bind by name) to the interfaces of,
-   the Work and Derivative Works thereof.
-   "Contribution" shall mean any work of authorship, including
-   the original version of the Work and any modifications or additions
-   to that Work or Derivative Works thereof, that is intentionally
-   submitted to Licensor for inclusion in the Work by the copyright owner
-   or by an individual or Legal Entity authorized to submit on behalf of
-   the copyright owner. For the purposes of this definition, "submitted"
-   means any form of electronic, verbal, or written communication sent
-   to the Licensor or its representatives, including but not limited to
-   communication on electronic mailing lists, source code control systems,
-   and issue tracking systems that are managed by, or on behalf of, the
-   Licensor for the purpose of discussing and improving the Work, but
-   excluding communication that is conspicuously marked or otherwise
-   designated in writing by the copyright owner as "Not a Contribution."
-   "Contributor" shall mean Licensor and any individual or Legal Entity
-   on behalf of whom a Contribution has been received by Licensor and
-   subsequently incorporated within the Work.
-2. Grant of Copyright License. Subject to the terms and conditions of
-   this License, each Contributor hereby grants to You a perpetual,
-   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-   copyright license to reproduce, prepare Derivative Works of,
-   publicly display, publicly perform, sublicense, and distribute the
-   Work and such Derivative Works in Source or Object form.
-3. Grant of Patent License. Subject to the terms and conditions of
-   this License, each Contributor hereby grants to You a perpetual,
-   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-   (except as stated in this section) patent license to make, have made,
-   use, offer to sell, sell, import, and otherwise transfer the Work,
-   where such license applies only to those patent claims licensable
-   by such Contributor that are necessarily infringed by their
-   Contribution(s) alone or by combination of their Contribution(s)
-   with the Work to which such Contribution(s) was submitted. If You
-   institute patent litigation against any entity (including a
-   cross-claim or counterclaim in a lawsuit) alleging that the Work
-   or a Contribution incorporated within the Work constitutes direct
-   or contributory patent infringement, then any patent licenses
-   granted to You under this License for that Work shall terminate
-   as of the date such litigation is filed.
-4. Redistribution. You may reproduce and distribute copies of the
-   Work or Derivative Works thereof in any medium, with or without
-   modifications, and in Source or Object form, provided that You
-   meet the following conditions:
-   (a) You must give any other recipients of the Work or
-       Derivative Works a copy of this License; and
-   (b) You must cause any modified files to carry prominent notices
-       stating that You changed the files; and
-   (c) You must retain, in the Source form of any Derivative Works
-       that You distribute, all copyright, patent, trademark, and
-       attribution notices from the Source form of the Work,
-       excluding those notices that do not pertain to any part of
-       the Derivative Works; and
-   (d) If the Work includes a "NOTICE" text file as part of its
-       distribution, then any Derivative Works that You distribute must
-       include a readable copy of the attribution notices contained
-       within such NOTICE file, excluding those notices that do not
-       pertain to any part of the Derivative Works, in at least one
-       of the following places: within a NOTICE text file distributed
-       as part of the Derivative Works; within the Source form or
-       documentation, if provided along with the Derivative Works; or,
-       within a display generated by the Derivative Works, if and
-       wherever such third-party notices normally appear. The contents
-       of the NOTICE file are for informational purposes only and
-       do not modify the License. You may add Your own attribution
-       notices within Derivative Works that You distribute, alongside
-       or as an addendum to the NOTICE text from the Work, provided
-       that such additional attribution notices cannot be construed
-       as modifying the License.
-   You may add Your own copyright statement to Your modifications and
-   may provide additional or different license terms and conditions
-   for use, reproduction, or distribution of Your modifications, or
-   for any such Derivative Works as a whole, provided Your use,
-   reproduction, and distribution of the Work otherwise complies with
-   the conditions stated in this License.
-5. Submission of Contributions. Unless You explicitly state otherwise,
-   any Contribution intentionally submitted for inclusion in the Work
-   by You to the Licensor shall be under the terms and conditions of
-   this License, without any additional terms or conditions.
-   Notwithstanding the above, nothing herein shall supersede or modify
-   the terms of any separate license agreement you may have executed
-   with Licensor regarding such Contributions.
-6. Trademarks. This License does not grant permission to use the trade
-   names, trademarks, service marks, or product names of the Licensor,
-   except as required for reasonable and customary use in describing the
-   origin of the Work and reproducing the content of the NOTICE file.
-7. Disclaimer of Warranty. Unless required by applicable law or
-   agreed to in writing, Licensor provides the Work (and each
-   Contributor provides its Contributions) on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-   implied, including, without limitation, any warranties or conditions
-   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-   PARTICULAR PURPOSE. You are solely responsible for determining the
-   appropriateness of using or redistributing the Work and assume any
-   risks associated with Your exercise of permissions under this License.
-8. Limitation of Liability. In no event and under no legal theory,
-   whether in tort (including negligence), contract, or otherwise,
-   unless required by applicable law (such as deliberate and grossly
-   negligent acts) or agreed to in writing, shall any Contributor be
-   liable to You for damages, including any direct, indirect, special,
-   incidental, or consequential damages of any character arising as a
-   result of this License or out of the use or inability to use the
-   Work (including but not limited to damages for loss of goodwill,
-   work stoppage, computer failure or malfunction, or any and all
-   other commercial damages or losses), even if such Contributor
-   has been advised of the possibility of such damages.
-9. Accepting Warranty or Additional Liability. While redistributing
-   the Work or Derivative Works thereof, You may choose to offer,
-   and charge a fee for, acceptance of support, warranty, indemnity,
-   or other liability obligations and/or rights consistent with this
-   License. However, in accepting such obligations, You may act only
-   on Your own behalf and on Your sole responsibility, not on behalf
-   of any other Contributor, and only if You agree to indemnify,
-   defend, and hold each Contributor harmless for any liability
-   incurred by, or claims asserted against, such Contributor by reason
-   of your accepting any such warranty or additional liability.
-END OF TERMS AND CONDITIONS
-APPENDIX: How to apply the Apache License to your work.
-   To apply the Apache License to your work, attach the following
-   boilerplate notice, with the fields enclosed by brackets "[]"
-   replaced with your own identifying information. (Don't include
-   the brackets!)  The text should be enclosed in the appropriate
-   comment syntax for the file format. We also recommend that a
-   file or class name and description of purpose be included on the
-   same "printed page" as the copyright notice for easier
-   identification within third-party archives.
-Copyright [yyyy] [name of copyright owner]
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+1. Definitions.
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+END OF TERMS AND CONDITIONS
+APPENDIX: How to apply the Apache License to your work.
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+Copyright [yyyy] [name of copyright owner]
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md CHANGED Viewed

@@ -1,292 +1,393 @@
-Knife Windows Plugin
-====================
-[![Build Status Master](https://travis-ci.org/chef/knife-windows.svg?branch=master)](https://travis-ci.org/chef/knife-windows)
-[![Build Status Master](https://ci.appveyor.com/api/projects/status/github/chef/knife-windows?branch=master&svg=true&passingText=master%20-%20Ok&pendingText=master%20-%20Pending&failingText=master%20-%20Failing)](https://ci.appveyor.com/project/Chef/knife-windows/branch/master)
-This plugin adds additional functionality to the Chef Knife CLI tool for
-configuring/interacting with nodes running Microsoft Windows. The subcommands
-should function on any system running Ruby 1.9.3+ but nodes being configured
-via these subcommands require Windows Remote Management (WinRM) 1.0+.WinRM
-allows you to call native objects in Windows. This includes, but is not
-limited to, running PowerShell scripts, batch scripts, and fetching WMI
-variables. For more information on WinRM, please visit
-[Microsoft's WinRM site](http://msdn.microsoft.com/en-us/library/aa384426(v=VS.85).aspx).
-You will want to familiarize yourself with (certain key aspects) of WinRM
-because you will be writing scripts / running commands with this tool to get
-you from specific point A to specific point B.
-WinRM is built into Windows 7 and Windows Server 2008+. It can also be easily installed on older version of Windows, including:
-* Windows Server 2003
-* Windows Vista
-More information can be found on [Microsoft Support article 968930](http://support.microsoft.com/?kbid=968930).
-## Subcommands
-This plugin provides the following Knife subcommands. Specific command options can be found by invoking the subcommand with a `--help` flag
-### knife winrm
-The `winrm` subcommand allows you to invoke commands in parallel on a subset of the nodes in your infrastructure. The `winrm` subcommand uses the same syntax as the [search subcommand](https://docs.chef.io/knife_search.html); you could could find the uptime of all your web servers using the command:
-    knife winrm "role:web" "net stats srv" -x Administrator -P 'super_secret_password'
-Or force a chef run:
-    knife winrm 'ec2-50-xx-xx-124.compute-1.amazonaws.com' 'chef-client -c c:/chef/client.rb' -m -x Administrator -P 'super_secret_password'
-    ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:49 +0000] INFO: Starting Chef Run (Version 0.9.12)
-    ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:50 +0000] WARN: Node ip-0A502FFB has an empty run list.
-    ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Chef Run complete in 4.383966 seconds
-    ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: cleaning the checksum cache
-    ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Running report handlers
-    ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Report handlers complete
-This subcommand operates in a manner similar to [knife ssh](https://docs.chef.io/knife_ssh.html)...just leveraging the WinRM protocol for communication. It also include's `knife ssh`'s "[interactive session mode](https://docs.chef.io/knife_ssh.html#options)"
-### knife wsman test
-Connects to the remote WSMan/WinRM endpoint and verifies the remote node is listening.  This is the equivalent of running Test-Wsman from PowerShell.  Endpoints to test can be specified manually, or be driven by search and use many of the same connection options as knife winrm.
-To test a single node using the default WinRM port (5985)
-    knife wsman test 192.168.1.10 -m
-or to test a single node with SSL enabled on the default port (5986)
-    knife wsman test 192.168.1.10 -m --winrm-transport ssl
-or to test all windows nodes registered with your Chef Server organization
-    knife wsman test platform:windows
-### knife bootstrap windows winrm
-Performs a Chef Bootstrap (via the WinRM protocol) on the target node. The goal of the bootstrap is to get Chef installed on the target system so it can run Chef Client with a Chef Server. The main assumption is a baseline OS installation exists. It is primarily intended for Chef Client systems that talk to a Chef server.
-This subcommand operates in a manner similar to [knife bootstrap](https://docs.chef.io/knife_bootstrap.html)...just leveraging the WinRM protocol for communication. An initial run_list for the node can also be passed to the subcommand. Example usage:
-    knife bootstrap windows winrm ec2-50-xx-xx-124.compute-1.amazonaws.com -r 'role[webserver],role[production]' -x Administrator -P 'super_secret_password'
-### Use SSL for WinRM communication
-By default, the `knife winrm` and `knife bootstrap windows winrm` subcommands use a plaintext transport,
-but they support an option `--winrm-transport` (or `-t`) with the argument
-`ssl` that allows the SSL to secure the WinRM payload. Here's an example:
-    knife winrm -t ssl "role:web" "net stats srv" -x Administrator -P 'super_secret_password'
-Use of SSL is strongly recommended, particularly when invoking `knife-windows` on non-Windows platforms, since
-without SSL there are limited options for ensuring the privacy of the
-plaintext transport. See the section on [Platform authentication
-support](#platform-winrm-authentication-support).
-SSL will become the default transport in future revisions of
-`knife-windows`.
-### knife bootstrap windows ssh
-Performs a Chef Bootstrap (via the SSH protocol) on the target node. The goal of the bootstrap is to get Chef installed on the target system so it can run Chef Client with a Chef Server. The main assumption is a baseline OS installation exists. It is primarily intended for Chef Client systems that talk to a Chef server.
-This subcommand assumes the SSH session will use the Windows native cmd.exe command shell vs a bash shell through an emulated cygwin layer. Most popular Windows based SSHd daemons like [freeSSHd](http://www.freesshd.com/) and [WinSSHD](http://www.bitvise.com/winsshd) behave this way.
-An initial run_list for the node can also be passed to the subcommand. Example usage:
-    knife bootstrap windows ssh ec2-50-xx-xx-124.compute-1.amazonaws.com -r 'role[webserver],role[production]' -x Administrator -i ~/.ssh/id_rsa
-### knife windows cert generate
-Generates a certificate(x509) containing a public / private key pair for WinRM 'SSL' communication.
-The certificate will be generated in three different formats *.pfx, *.b64 and *.pem.
-The PKCS12(i.e *.pfx) contains both the public and private keys, usually used on the server. This will be added to WinRM Server's Certificate Store.
-The *.b64 is Base64 PKCS12 key pair. Contains both the public and private keys, for upload to the Cloud REST API. e.g. Azure.
-The *.pem is Base64 encoded public certificate only. Required by the client to connect to the server.
-This command also displays the thumbprint of the generated certificate.
-    knife windows cert generate --cert-passphrase "strong_passphrase" --hostname "cloudapp.net" --output-file "~/server_cert.pfx"
-    # This command will generate certificates at user's home directory with names server_cert.b64, server_cert.pfx and server_cert.pem.
-### knife windows cert install
-This command only functions on Windows. It adds the specified certificate to its certificate store. This command must include a valid PKCS12(i.e *.pfx) certificate file path.
-    knife windows cert install "~/server_cert.pfx" --cert-passphrase "strong_passphrase"
-### knife windows listener create
-This command only functions on Windows. It creates the winrm listener for SSL communication(i.e HTTPS).
-This command can also install certificate which is specified using --cert-install option and use the installed certificate thumbprint to create winrm listener.
---hostname option is optional. Default value for hostname is *.
-    knife windows listener create --cert-passphrase "strong_passphrase" --hostname "*.cloudapp.net" --cert-install "~/server_cert.pfx"
-The command also allows you to use existing certificates from local store to create winrm listener. Use --cert-thumbprint option to specify the certificate thumbprint.
-    knife windows listener create --cert-passphrase "strong_passphrase" --hostname "*.cloudapp.net" --cert-thumbprint "bf0fef0bb41be40ceb66a3b38813ca489fe99746"
-You can get the thumbprint for existing certificates in local store using the following PowerShell command:
-    Get-ChildItem -path cert:\LocalMachine\My
-## BOOTSTRAP TEMPLATES:
-This gem provides the bootstrap template `windows-chef-client-msi`.
-### windows-chef-client-msi
-This bootstrap template does the following:
-* Installs the latest version of Chef (and all dependencies) using the `chef-client` msi.
-* Writes the validation.pem per the local knife configuration.
-* Writes a default config file for Chef (`C:\chef\client.rb`) using values from the `knife.rb`.
-* Creates a JSON attributes file containing the specified run list and run Chef.
-This is the default bootstrap template used by both of the `knife windows bootstrap winrm` and `knife windows bootstrap ssh` subcommands.
-## REQUIREMENTS/SETUP:
-### Ruby
-Ruby 1.9.3+ is needed.
-### Chef Version
-This knife plugins requires >= Chef 11.0.0. More details about Knife plugins can be
-[found in the Chef documentation](https://docs.chef.io/plugin_knife.html).
-## Nodes
-**NOTE**: Before any WinRM related knife subcommands will function correctly a node's WinRM installation must be configured correctly. The below settings should be added to your base server image (AMI) or passed in using some sort of user-data mechanism provided by your cloud provider.
-A server running WinRM must also be configured properly to allow outside connections and the entire network path from the knife workstation to the server. The easiest way to accomplish this is to use [WinRM's quick configuration option](http://msdn.microsoft.com/en-us/library/aa384372(v=vs.85).aspx#quick_default_configuration):
-    winrm quickconfig -q
-The Chef and Ohai gem installations (that occur during bootstrap) take more
-memory than the default 150MB WinRM allocates per shell on older versions of
-Windows (prior to Windows Server 2012) -- this can slow down
-bootstrap. Optionally increase the memory limit to 300MB with the following command:
-    winrm set winrm/config/winrs @{MaxMemoryPerShellMB="300"}
-Bootstrap commands can take longer than the WinRM default 60 seconds to
-complete, optionally increase to 30 minutes if bootstrap terminates a command prematurely:
-    winrm set winrm/config @{MaxTimeoutms="1800000"}
-WinRM supports both the HTTP and HTTPS transports and the following
-authentication schemes: Kerberos, Digest, Certificate and Basic. The details
-of these authentication transports are outside of the scope of this README but
-details can be found on the
-[WinRM configuration guide](http://msdn.microsoft.com/en-us/library/aa384372(v=vs.85).aspx).
-## WinRM authentication
-The default authentication protocol for `knife-windows` subcommands that use
-WinRM is the Negotiate protocol. The following commands when executed on a
-Windows system show authentication for domain and local accounts respectively:
-    knife bootstrap windows winrm web1.cloudapp.net -r 'server::web' -x 'proddomain\webuser' -P 'super_secret_password'
-    knife bootstrap windows winrm db1.cloudapp.net -r 'server::db' -x 'localadmin' -P 'super_secret_password'
-The commands above are using the default plaintext transport for WinRM --
-the default of Negotiate authentication may not be fully supported on
-non-Windows systems using the plaintext transport. To work around this, the
-remote system can be configured with an SSL WinRM listener instead of a
-plaintext listener. Then the above commands should be modified to use the SSL
-transport as follows using the `-t` (or `--winrm-transport`) option with the
-`ssl` argument:
-    knife bootstrap windows winrm -t ssl web1.cloudapp.net -r 'server::web' -x 'proddomain\webuser' -P 'super_secret_password'
-    knife bootstrap windows winrm -t ssl db1.cloudapp.net -r 'server::db' -x 'localadmin' -P 'super_secret_password'
-The commands using SSL above will work from any operating system, not just Windows.
-### Troubleshooting authentication
-For development and testing purposes, unencrypted traffic with Basic
-authentication can make it easier to test connectivity. The configuration for
-the remote system may be accomplished with the following commands:
-    winrm set winrm/config/service @{AllowUnencrypted="true"}
-    winrm set winrm/config/service/auth @{Basic="true"}
-To test connectivity via `knife-windows` from another system, the default
-authentication protocol of Negotiate must be overridden using the
-`--winrm-authentication-protocol` option with the desired protocol, in this
-case Basic:
-    knife winrm -m web1.cloudapp.net --winrm-authentication-protocol basic ipconfig -x 'localadmin' -P 'super_secret_password'
-Note that when using Basic authentication, domain accounts may not be used for
-authentication; an account local to the remote system must be used.
-### Platform WinRM authentication support
-`knife-windows` supports `Kerberos`, `Negotiate`, and `Basic` authentication
-for WinRM communication. However, some of these protocols
-may not work with `knife-windows` on non-Windows systems because
-`knife-windows` relies on operating system libraries such as GSSAPI to implement
-Windows authentication, and some versions of these libraries do not
-fully implement the protocols.
-The following table shows the authentication protocols that can be used with
-`knife-windows` depending on whether the knife workstation is a Windows
-system, the transport, and whether or not the target user is a domain user or
-local to the target Windows system.
-| Workstation OS / Account Scope | SSL                          | Plaintext                  |
-|--------------------------------|------------------------------|----------------------------|
-| Windows / Local                | Kerberos, Negotiate* , Basic | Kerberos, Negotiate, Basic |
-| Windows / Domain               | Kerberos, Negotiate          | Kerberos, Negotiate        |
-| Non-Windows / Local            | Kerberos, [Negotiate*](https://github.com/chef/knife-windows/issues/176) Basic | Kerberos, Basic |
-| Non-Windows / Domain           | Kerberos, Negotiate          | Kerberos                   |
-> \* There is a known defect in the `knife winrm` and `knife bootstrap windows
-> winrm` subcommands invoked on any OS  platform when authenticating with the Negotiate protocol over
-> the SSL transport. The defect is tracked by
-> [knife-windows issue #176](https://github.com/chef/knife-windows/issues/176): If the remote system is
-> domain-joined, local accounts may not be used to authenticate via Negotiate
-> over SSL -- only domain accounts will work. Local accounts will only
-> successfully authenticate if the system is not joined to a domain.
->
-> This is generally not an issue for bootstrap scenarios, where the
-> system has yet to be joined to any domain, but can be a problem for remote
-> management cases after the system is domain joined. Workarounds include using
-> a domain account instead, or enabling Basic authentication on the remote
-> system (unencrypted communication **does not** need to be enabled to make
-> Basic authentication function over SSL).
-## General troubleshooting
-* When I run the winrm command I get: "Error: Invalid use of command line. Type "winrm -?" for help."
-  You're running the winrm command from PowerShell and you need to put the key/value pair in single quotes. For example:
-   `winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="512"}'`
-* Windows 2008R2 and earlier versions require an extra configuration for MaxTimeoutms to avoid WinRM::WinRMHTTPTransportError: Bad HTTP response error while bootstrapping. It should be atleast 300000.
-    `winrm set winrm/config @{MaxTimeoutms="300000"}`
-## CONTRIBUTING:
-Please file bugs against the KNIFE_WINDOWS project at https://github.com/chef/knife-windows/issues.
-More information on the contribution process for Chef projects can be found in the [Chef Contributions document](http://docs.chef.io/community_contributions.html).
-# LICENSE:
-Author:: Seth Chisamore (<schisamo@chef.io>)
-Copyright:: Copyright (c) 2015 Chef Software, Inc.
-License:: Apache License, Version 2.0
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+Knife Windows Plugin
+====================
+[![Build Status Master](https://travis-ci.org/chef/knife-windows.svg?branch=master)](https://travis-ci.org/chef/knife-windows)
+[![Build Status Master](https://ci.appveyor.com/api/projects/status/github/chef/knife-windows?branch=master&svg=true&passingText=master%20-%20Ok&pendingText=master%20-%20Pending&failingText=master%20-%20Failing)](https://ci.appveyor.com/project/Chef/knife-windows/branch/master)
+This plugin adds additional functionality to the Chef Knife CLI tool for
+configuring / interacting with nodes running Microsoft Windows:
+* Bootstrap of nodes via the [Windows Remote Management (WinRM)](http://msdn.microsoft.com/en-us/library/aa384426\(v=VS.85\).aspx) or SSH protocols
+* Remote command execution using the WinRM protocol
+* Utilities to configure WinRM SSL endpoints on managed nodes
+## Subcommands
+This plugin provides the following Knife subcommands. Specific command options can be found by invoking the subcommand with a `--help` flag
+### knife winrm
+The `winrm` subcommand allows you to invoke commands in parallel on a subset of the nodes in your infrastructure. The `winrm` subcommand uses the same syntax as the [search subcommand](https://docs.chef.io/knife_search.html); you could could find the uptime of all your web servers using the command:
+    knife winrm "role:web" "net stats srv" -x Administrator -P 'super_secret_password'
+Or force a chef run:
+    knife winrm "myserver.myorganization.net" "chef-client -c c:/chef/client.rb" -m -x Administrator -P "super_secret_password"
+    myserver.myorganization.net [Fri, 04 Mar 2011 22:00:49 +0000] INFO: Starting Chef Run (Version 0.9.12)
+    myserver.myorganization.net [Fri, 04 Mar 2011 22:00:50 +0000] WARN: Node ip-0A502FFB has an empty run list.
+    myserver.myorganization.net [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Chef Run complete in 4.383966 seconds
+    myserver.myorganization.net [Fri, 04 Mar 2011 22:00:53 +0000] INFO: cleaning the checksum cache
+    myserver.myorganization.net [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Running report handlers
+    myserver.myorganization.net [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Report handlers complete
+This subcommand operates in a manner similar to [knife ssh](https://docs.chef.io/knife_ssh.html)...just leveraging the WinRM protocol for communication. It also includes `knife ssh`'s "[interactive session mode](https://docs.chef.io/knife_ssh.html#options)"
+### knife bootstrap windows winrm
+Performs a Chef Bootstrap (via the WinRM protocol) on the target node. The goal of the bootstrap is to get Chef installed on the target system so it can run Chef Client with a Chef Server. The main assumption is a baseline OS installation exists. It is primarily intended for Chef Client systems that talk to a Chef server.
+This subcommand operates in a manner similar to [knife bootstrap](https://docs.chef.io/knife_bootstrap.html)...just leveraging the WinRM protocol for communication. An initial run_list for the node can also be passed to the subcommand. Example usage:
+    knife bootstrap windows winrm myserver.myorganization.net -r 'role[webserver],role[production]' -x Administrator -P 'super_secret_password'
+#### Tip: Use SSL for WinRM communication
+By default, the `knife winrm` and `knife bootstrap windows winrm` subcommands use a plaintext transport,
+but they support an option `--winrm-transport` (or `-t`) with the argument
+`ssl` that allows the SSL to secure the WinRM payload. Here's an example:
+    knife winrm -t ssl "role:web" "net stats srv" -x Administrator -P "super_secret_password" -f ~/server_public_cert.crt
+Use of SSL is strongly recommended, particularly when invoking `knife-windows` on non-Windows platforms, since
+without SSL there are limited options for ensuring the privacy of the
+plaintext transport. See the section on [Platform authentication
+support](#platform-winrm-authentication-support).
+SSL will become the default transport in future revisions of
+`knife-windows`.
+### knife wsman test
+Connects to the remote WSMan/WinRM endpoint and verifies the remote node is listening.  This is the equivalent of running Test-Wsman from PowerShell.  Endpoints to test can be specified manually, or be driven by search and use many of the same connection options as knife winrm.
+To test a single node using the default WinRM port (5985)
+    knife wsman test 192.168.1.10 -m
+or to test a single node with SSL enabled on the default port (5986)
+    knife wsman test 192.168.1.10 -m --winrm-transport ssl
+or to test all windows nodes registered with your Chef Server organization
+    knife wsman test platform:windows
+### knife bootstrap windows ssh
+Performs a Chef Bootstrap (via the SSH protocol) on the target node. The goal of the bootstrap is to get Chef installed on the target system so it can run Chef Client with a Chef Server. The main assumption is a baseline OS installation exists. It is primarily intended for Chef Client systems that talk to a Chef server.
+This subcommand assumes the SSH session will use the Windows native cmd.exe command shell vs a bash shell through an emulated cygwin layer. Most popular Windows based SSHd daemons like [freeSSHd](http://www.freesshd.com/) and [WinSSHD](http://www.bitvise.com/winsshd) behave this way.
+An initial run_list for the node can also be passed to the subcommand. Example usage:
+    knife bootstrap windows ssh myserver.myorganization.net -r "role[webserver],role[production]" -x Administrator -i ~/.ssh/id_rsa
+### knife windows cert generate
+Generates a certificate(x509) containing a public / private key pair for WinRM 'SSL' communication.
+The certificate will be generated in three different formats *.pfx, *.b64 and *.pem.
+The PKCS12(i.e *.pfx) contains both the public and private keys, usually used on the server. This will be added to WinRM Server's Certificate Store.
+The *.b64 is Base64 PKCS12 key pair. Contains both the public and private keys, for upload to the Cloud REST API. e.g. Azure.
+The *.pem is Base64 encoded public certificate only. Required by the client to connect to the server.
+This command also displays the thumbprint of the generated certificate.
+    knife windows cert generate --cert-passphrase "strong_passphrase" --hostname "myserver.myorganization.net" --output-file "~/server_cert.pfx"
+    # This command will generate certificates in the user's home directory with names server_cert.b64, server_cert.pfx and server_cert.pem.
+### knife windows cert install
+This command only functions on Windows. It adds the specified certificate to its certificate store. This command must include a valid PKCS12(i.e *.pfx) certificate file path.
+    knife windows cert install "~/server_cert.pfx" --cert-passphrase "strong_passphrase"
+### knife windows listener create
+This command only functions on Windows. It creates the winrm listener for SSL communication(i.e HTTPS).
+This command can also install certificate which is specified using --cert-install option and use the installed certificate thumbprint to create winrm listener.
+--hostname option is optional. Default value for hostname is *.
+    knife windows listener create --cert-passphrase "strong_passphrase" --hostname "myserver.mydomain.net" --cert-install "~/server_cert.pfx"
+The command also allows you to use existing certificates from local store to create winrm listener. Use --cert-thumbprint option to specify the certificate thumbprint.
+    knife windows listener create --cert-passphrase "strong_passphrase" --hostname "myserver.mydomain.net" --cert-thumbprint "bf0fef0bb41be40ceb66a3b38813ca489fe99746"
+You can get the thumbprint for existing certificates in the local store using the following PowerShell command:
+    ls cert:\LocalMachine\My
+## Bootstrap template
+This gem provides the bootstrap template `windows-chef-client-msi`,
+which does the following:
+* Installs the latest version of Chef Client (and all dependencies) using the `chef-client` msi.
+* Writes the validation.pem per the local knife configuration.
+* Writes a default config file for Chef (`C:\chef\client.rb`) using values from the `knife.rb`.
+* Creates a JSON attributes file containing the specified run list and run Chef.
+This template is used by both `knife windows bootstrap winrm` and `knife windows bootstrap ssh` subcommands.
+## Requirements / setup
+### Ruby
+Ruby 1.9.3+ is required.
+### Chef version
+This knife plugins requires >= Chef 11.0.0. More details about Knife plugins can be
+[found in the Chef documentation](https://docs.chef.io/plugin_knife.html).
+## Nodes
+### WinRM versions
+The node must be running Windows Remote Management (WinRM) 2.0+. WinRM
+allows you to call native objects in Windows. This includes, but is not
+limited to, running PowerShell scripts, batch scripts, and fetching WMI
+data. For more information on WinRM, please visit
+[Microsoft's WinRM site](http://msdn.microsoft.com/en-us/library/aa384426\(v=VS.85\).aspx).
+WinRM is built into Windows 7 and Windows Server 2008+. It can also [be installed](https://support.microsoft.com/en-us/kb/968929) on older version of Windows, including:
+* Windows Server 2003
+* Windows Vista
+### WinRM configuration
+**NOTE**: Before any WinRM related knife subcommands will function
+  a node's WinRM installation must be configured correctly.
+  The settings below must be added to your base server image or passed
+  in using some sort of user-data mechanism provided by your cloud
+  provider. Some cloud providers will set up the required WinRM
+  configuration through the cloud API for creating instances -- see
+  the documentation for the provider.
+A server running WinRM must also be configured properly to allow
+outside connections for the entire network path from the knife workstation to the server. The easiest way to accomplish this is to use [WinRM's quick configuration option](http://msdn.microsoft.com/en-us/library/aa384372\(v=vs.85\).aspx#quick_default_configuration):
+    winrm quickconfig -q
+This will set up an WinRM listener using the HTTP (plaintext)
+transport -- WinRM also supports the SSL transport for improved
+robustness against information disclosure and other threats.
+The chef-client installation and bootstrap may take more
+memory than the default 150MB WinRM allocates per shell on older versions of
+Windows (prior to Windows Server 2012) -- this can slow down
+bootstrap or cause it to fail. The memory limit was increased to 1GB with Windows Management Framework 3
+(and Server 2012). However, there is a bug in Windows Management Framework 3
+(and Server 2012) which requires a [hotfix from Microsoft](https://support.microsoft.com/en-us/kb/2842230/en-us).
+You can increase the memory limit to 1GB with the following PowerShell
+command:
+```powershell
+    set-item wsman:\localhost\shell\maxmemorypershellmb 1024
+```
+Bootstrap commands can take longer than the WinRM default 60 seconds to
+complete, optionally increase to 30 minutes if bootstrap terminates a command prematurely:
+```powershell
+    set-item wsman:\localhost\MaxTimeoutms 300000
+```
+Note that the `winrm` command itself supports the same configuration
+capabilities as the PowerShell commands given above -- if you need to
+configure WinRM without using PowerShell, use `winrm -?` to get help.
+WinRM supports both the HTTP and HTTPS (SSL) transports and the following
+authentication schemes: Kerberos, Digest, Certificate and Basic. The details
+of these authentication transports are outside of the scope of this
+README but details can be found on the
+[WinRM configuration guide](http://msdn.microsoft.com/en-us/library/aa384372\(v=vs.85\).aspx).
+#### Configure SSL on a Windows node
+WinRM supports use of SSL to provide privacy and integrity of
+communication using the protocol and to prevent spoofing attacks.
+##### Configure SSL using `knife`
+`knife-windows` includes three commands to assist with SSL
+configuration -- these commands support all versions of Windows and do
+not rely on PowerShell:
+* `knife windows cert generate`: creates a certificate that may be used
+  to configure an SSL WinRM listener
+* `knife windows cert install`: Installs a certificate into the
+  Windows certificate store so it can be used to configure an SSL
+  WinRM listener.
+* `knife windows listener create`: Creates a WinRM listener on a
+  Windows node -- it can use either a certificate already installed in
+  the Windows certificate store, or one created by other tools
+  including the `knife windows cert generate` command.
+Here is an example that configures a listener on the node on which the
+commands are executed:
+    knife windows cert generate --domain myorg.org --output-file $env:userprofile/winrmcerts/winrm-ssl
+    knife windows listener create --hostname *.myorg.org --cert-install $env:userprofile/winrmcerts/winrm-ssl.pfx
+Note that the first command which generates the certificate for the
+listener could be executed from any system that can run `knife` as
+long as the certificate it generates is made available at a path at
+which the second command can access it.
+See previous sections for additional details of the `windows cert generate`, `windows cert install` and `windows listener create` subcommands.
+##### Configure SSL using *PowerShell 4.0 or later*
+The following PowerShell commands may be used to create an SSL WinRM
+listener with a self-signed certificate:
+```powershell
+$cert = New-SelfSignedCertificate -Subject 'myserver.mydomain.org' -Type SSLServerAuthentication -FriendlyName WinRMCert
+new-item -address * -force -path wsman:\localhost\listener -port 5986 -hostname ($cert.subject -split '=')[1] -transport https -certificatethumbprint $cert.Thumbprint
+```
+Note that the first command which uses the `New-SelfSignedCertificate`
+cmdlet is available only in PowerShell version 4.0 and later.
+##### Configure SSL using `winrm quickconfig`
+The following command can configure an SSL WinRM listener if the
+Windows certificate store's Local Machine store contains a certificate
+that meets certain criteria that are most likely to be met if the
+system is joined to a Windows Active Directory domain:
+    winrm quickconfig -transport:https -q
+If the criteria are not met, an error message will follow with
+guidance on the certificate requirements; you may need to obtain a
+certificate from the appropriate source or use the PowerShell or
+`knife` techniques given above to create the listener instead.
+##### Disabling peer verification
+In the SSL examples above, the `-f` parameter was used to supply a
+certificate that could validate the identity of the remote server.
+For debugging purposes, this validation may be skipped if you have not
+obtained a public certificate that can validate the server. Here is an
+example:
+    knife winrm -m 192.168.0.6 -x "mydomain\myuser" -P $PASSWD -t ssl --winrm-ssl-verify-mode verify_none ipconfig
+This option should be used carefully since disabling the verification of the
+remote system's certificate can subject knife commands to spoofing attacks.
+## WinRM authentication
+The default authentication protocol for `knife-windows` subcommands that use
+WinRM is the Negotiate protocol. The following commands when executed on a
+Windows system show authentication for domain and local accounts respectively:
+    knife bootstrap windows winrm web1.cloudapp.net -r "server::web" -x "proddomain\webuser" -P "super_secret_password"
+    knife bootstrap windows winrm db1.cloudapp.net -r "server::db" -x "localadmin" -P "super_secret_password"
+The commands above are using the default plaintext transport for WinRM --
+the default of Negotiate authentication may not be fully supported on
+non-Windows systems using the plaintext transport. To work around this, the
+remote system can be configured with an SSL WinRM listener instead of a
+plaintext listener. Then the above commands should be modified to use the SSL
+transport as follows using the `-t` (or `--winrm-transport`) option with the
+`ssl` argument:
+    knife bootstrap windows winrm -t ssl web1.cloudapp.net -r "server::web" -x "proddomain\webuser" -P "super_secret_password" -f ~/mycert.crt
+    knife bootstrap windows winrm -t ssl db1.cloudapp.net -r "server::db" -x "localadmin" -P "super_secret_password" ~/mycert.crt
+The commands using SSL above will work from any operating system, not
+just Windows.
+### Troubleshooting authentication
+For development and testing purposes, unencrypted traffic with Basic
+authentication can make it easier to test connectivity. The configuration for
+the remote system may be accomplished with the following PowerShell commands:
+```powershell
+set-item wsman:\localhost\service\allowunencrypted $true
+set-item wsman:\localhost\service\auth\basic $true
+```
+To test connectivity via `knife-windows` from another system, the default
+authentication protocol of Negotiate must be overridden using the
+`--winrm-authentication-protocol` option with the desired protocol, in this
+case Basic:
+    knife winrm -m web1.cloudapp.net --winrm-authentication-protocol basic ipconfig -x localadmin -P "super_secret_password"
+Note that when using Basic authentication, domain accounts may not be used for
+authentication; an account local to the remote system must be used.
+### Platform WinRM authentication support
+`knife-windows` supports `Kerberos`, `Negotiate`, and `Basic` authentication
+for WinRM communication. However, some of these protocols
+may not work with `knife-windows` on non-Windows systems because
+`knife-windows` relies on operating system libraries such as GSSAPI to implement
+Windows authentication, and some versions of these libraries do not
+fully implement the protocols.
+The following table shows the authentication protocols that can be used with
+`knife-windows` depending on whether the knife workstation is a Windows
+system, the transport, and whether or not the target user is a domain user or
+local to the target Windows system.
+| Workstation OS / Account Scope | SSL                          | Plaintext                  |
+|--------------------------------|------------------------------|----------------------------|
+| Windows / Local                | Kerberos, Negotiate* , Basic | Kerberos, Negotiate, Basic |
+| Windows / Domain               | Kerberos, Negotiate          | Kerberos, Negotiate        |
+| Non-Windows / Local            | Kerberos, [Negotiate*](https://github.com/chef/knife-windows/issues/176) Basic | Kerberos, Basic |
+| Non-Windows / Domain           | Kerberos, Negotiate          | Kerberos                   |
+> \* There is a known defect in the `knife winrm` and `knife bootstrap windows
+> winrm` subcommands invoked on any OS  platform when authenticating with the Negotiate protocol over
+> the SSL transport. The defect is tracked by
+> [knife-windows issue #176](https://github.com/chef/knife-windows/issues/176): If the remote system is
+> domain-joined, local accounts may not be used to authenticate via Negotiate
+> over SSL -- only domain accounts will work. Local accounts will only
+> successfully authenticate if the system is not joined to a domain.
+>
+> This is generally not an issue for bootstrap scenarios, where the
+> system has yet to be joined to any domain, but can be a problem for remote
+> management cases after the system is domain joined. Workarounds include using
+> a domain account instead, or enabling Basic authentication on the remote
+> system (unencrypted communication **does not** need to be enabled to make
+> Basic authentication function over SSL).
+## General troubleshooting
+* Windows 2008R2 and earlier versions require an extra configuration
+  for MaxTimeoutms to avoid WinRM::WinRMHTTPTransportError: Bad HTTP
+  response error while bootstrapping. It should be at least 300000.
+  `set-item wsman:\\localhost\\MaxTimeoutms 300000`
+* When I run the winrm command I get: "Error: Invalid use of command line. Type "winrm -?" for help."
+  You're running the winrm command from PowerShell and you need to put the key/value pair in single quotes. For example:
+   `winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}'`
+## CONTRIBUTING:
+Please file bugs against the KNIFE_WINDOWS project at https://github.com/chef/knife-windows/issues.
+More information on the contribution process for Chef projects can be found in the [Chef Contributions document](http://docs.chef.io/community_contributions.html).
+# LICENSE:
+Author:: Seth Chisamore (<schisamo@chef.io>)
+Copyright:: Copyright (c) 2015 Chef Software, Inc.
+License:: Apache License, Version 2.0
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.