Runs PowerShell commands as elevated over Windows Remote Management (WinRM) via a scheduled task
This gem allows you to break out of the magical WinRM constraints thus allowing to reach out to network shares and even install Windows updates, .NET, SQL Server etc.
Running commands elevated
require 'winrm' require 'winrm-elevated' conn = WinRM::Connection.new(... conn.shell(:elevated) do |shell| shell.run('$PSVersionTable') do |stdout, stderr| STDOUT.print stdout STDERR.print stderr end end
Impersonating a service account
By passing a
nil password, winrm-elevated will assume that the command should run as a service account:
require 'winrm' require 'winrm-elevated' conn = WinRM::Connection.new(... conn.shell(:elevated) do |shell| shell.username = 'System' shell.password = nil shell.run('$PSVersionTable') do |stdout, stderr| STDOUT.print stdout STDERR.print stderr end end
Using an interactive task
true, the scheduled task will be configured to use an interactive logon allowing all command activity to be viewable from a RDP session if logged on as the same user as the winrm credentials:
require 'winrm' require 'winrm-elevated' conn = WinRM::Connection.new(... conn.shell(:elevated) do |shell| shell.interactive_logon = true shell.run('notepad.exe') end
How does it work?
The gem works by creating a new logon session local to the Windows box by using a scheduled task. After this point WinRM is just used to read output from the scheduled task via a log file.
- The command you'd like to run outside the WinRM context is saved to a temporary file.
- This file is uploaded to the machine over WinRM.
- A script is executed over WinRM and does the following:
- Scheduled task is created which will execute your command and redirect stdout and stderr to a location known by elevated_shell.ps1.
- The scheduled task is executed.
- elevated_shell.ps1 polls the stdout and stderr log files and writes them back to WinRM. The script continues in this loop until the scheduled task is complete.
If you're having trouble, first of all its most likely a network or WinRM configuration issue. Take a look at the WinRM gem troubleshooting first.
- Fork it.
- Create a branch (git checkout -b my_feature_branch)
- Run the unit and integration tests (bundle exec rake integration)
- Commit your changes (git commit -am "Added a sweet feature")
- Push to the branch (git push origin my_feature_branch)
- Create a pull requst from your branch into master (Please be sure to provide enough detail for us to cipher what this change is doing)
Running the tests
We use Bundler to manage dependencies during development.
$ bundle install
Once you have the dependencies, you can run the unit tests with
$ bundle exec rake spec
To run the integration tests you will need a Windows box with the WinRM service properly configured. Its easiest to use the Vagrant Windows box in the Vagrantilfe of this repo.
- Create a Windows VM with WinRM configured (see above).
- Copy the config-example.yml to config.yml - edit this file with your WinRM connection details.
bundle exec rake integration
- Shawn Neal (https://github.com/sneal)