0.21
No release in over 3 years
Low commit activity in last 3 years
There's a lot of open issues
Ruby library for running commands via WinRM as elevated through a scheduled task
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

>= 10.3, < 13
~> 3.2
~> 0.51.0

Runtime

~> 1.8
~> 2.0
~> 1.0
 Project Readme

Runs PowerShell commands as elevated over Windows Remote Management (WinRM) via a scheduled task

Gem Version

This gem allows you to break out of the magical WinRM constraints thus allowing to reach out to network shares and even install Windows updates, .NET, SQL Server etc.

Running commands elevated

require 'winrm'
require 'winrm-elevated'

conn = WinRM::Connection.new(...
conn.shell(:elevated) do |shell|
  shell.run('$PSVersionTable') do |stdout, stderr|
    STDOUT.print stdout
    STDERR.print stderr
  end
end

Impersonating a service account

By passing a nil password, winrm-elevated will assume that the command should run as a service account:

require 'winrm'
require 'winrm-elevated'

conn = WinRM::Connection.new(...
conn.shell(:elevated) do |shell|
  shell.username = 'System'
  shell.password = nil
  shell.run('$PSVersionTable') do |stdout, stderr|
    STDOUT.print stdout
    STDERR.print stderr
  end
end

Using an interactive task

By setting interactive_logon to true, the scheduled task will be configured to use an interactive logon allowing all command activity to be viewable from a RDP session if logged on as the same user as the winrm credentials:

require 'winrm'
require 'winrm-elevated'

conn = WinRM::Connection.new(...
conn.shell(:elevated) do |shell|
  shell.interactive_logon = true
  shell.run('notepad.exe')
end

How does it work?

The gem works by creating a new logon session local to the Windows box by using a scheduled task. After this point WinRM is just used to read output from the scheduled task via a log file.

  1. The command you'd like to run outside the WinRM context is saved to a temporary file.
  2. This file is uploaded to the machine over WinRM.
  3. A script is executed over WinRM and does the following:
  4. Scheduled task is created which will execute your command and redirect stdout and stderr to a location known by elevated_shell.ps1.
  5. The scheduled task is executed.
  6. elevated_shell.ps1 polls the stdout and stderr log files and writes them back to WinRM. The script continues in this loop until the scheduled task is complete.

Troubleshooting

If you're having trouble, first of all its most likely a network or WinRM configuration issue. Take a look at the WinRM gem troubleshooting first.

Contributing

  1. Fork it.
  2. Create a branch (git checkout -b my_feature_branch)
  3. Run the unit and integration tests (bundle exec rake integration)
  4. Commit your changes (git commit -am "Added a sweet feature")
  5. Push to the branch (git push origin my_feature_branch)
  6. Create a pull requst from your branch into master (Please be sure to provide enough detail for us to cipher what this change is doing)

Running the tests

We use Bundler to manage dependencies during development.

$ bundle install

Once you have the dependencies, you can run the unit tests with rake:

$ bundle exec rake spec

To run the integration tests you will need a Windows box with the WinRM service properly configured. Its easiest to use the Vagrant Windows box in the Vagrantilfe of this repo.

  1. Create a Windows VM with WinRM configured (see above).
  2. Copy the config-example.yml to config.yml - edit this file with your WinRM connection details.
  3. Run bundle exec rake integration

WinRM-elevated Authors

Contributors