Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature request : Add winrm-elevated #42

Open
FireHelmet opened this issue Apr 4, 2017 · 11 comments
Open

Feature request : Add winrm-elevated #42

FireHelmet opened this issue Apr 4, 2017 · 11 comments

Comments

@FireHelmet
Copy link

Hello,

Is it possible to add winrm-elevated from https://github.com/WinRb/winrm-elevated ?

The goal is : This gem allows you to break out of the magical WinRM constraints thus allowing to reach out to network shares and even install Windows updates, .NET, SQL Server etc.

Thank you !

@FireHelmet
Copy link
Author

A little up :)

@vvchik
Copy link
Contributor

vvchik commented Apr 25, 2017

Well, it is a great idea, but I personally have a lack of time now.
But it is Open Source, so PR's is highly welcomed!

@FireHelmet
Copy link
Author

Hello vvchik,

This gem will solve this issue : #41 opened by me in few days ago.

I think this feature will be a big UP for your Rundeck plugin because it's the principal issue of winrm implementation :)

I can be a beta tester :).

Thank you !

@FireHelmet
Copy link
Author

@stoned, do you have time to work on this topic :) ?

I'm not a Ruby dev :(

Thanks to all !

@FireHelmet
Copy link
Author

A little up :)

@UnicodeTreason
Copy link
Contributor

Hi Firehelmet

Is this still an issue with the latest version?
I access network share locations all the time using this plugin.

@FireHelmet
Copy link
Author

@JustRiedy I will try with the latest version asap. But do you have configured the CredSSP ? In addition what are the OS versions ?

@UnicodeTreason
Copy link
Contributor

@FireHelmet I'm using the Negotiate authentication type, communicating with every server OS from 2k8 up to 2k16.

@FireHelmet
Copy link
Author

@JustRiedy I have tested with latest version (1.7.0) and the issue is the same 👍
image

And it's not related to a permission on the share because I can reach it from my computer with the same account used in Project definition. The job has been executed remotely from a Win2k8R2 with PowerShell 5.1

Thank you for your help.

@UnicodeTreason
Copy link
Contributor

Can confirm, same error.

I've never noticed the issue as I always manually open, authenticate and close connections to shares, due to the complex nature of the network I am on.

Write-Host "Connecting to shared location"
net use \\SERVER.DOMAIN\IPC$ PASSWORD /USER:DOMAIN\USERNAME | Out-Null

$source = "C:\Temp"
$destination = "\\SERVER.DOMAIN\C$\DATA"

If(-Not (Test-Path $destination)){
    New-Item -Path $destination -ItemType Directory | Out-Null
}

try{
    #Find all files and move them to shared location
    Write-Host "Starting Copy"
    Get-ChildItem $source -Recurse | Move-Item -Destination $destination
    Write-Host "Copy complete."
}
catch{
    Write-Host "Copy of item failed."
}

net use \\SERVER.DOMAIN\IPC$ /delete | Out-Null

As I have no need for this plugin change I won't be able to get time to work on it at the moment.

It is an interesting option to have though, and I can't see any reason not to add it as an extra shell type called Powershell Elevated or something.

If you're feeling brave Ruby's not a terrible language to play with, otherwise feel free to steal my share connection method till this change can be made in the future.

@FireHelmet
Copy link
Author

@JustRiedy Thanks for your code. tested and approved 👍 .

I will try to learn ruby :p...

The error above described in my first post is not an error it's related to winrm implementation...Microsoft impersonnate the winrm session when the connection is established so we cannot access to a remote location because the credential is anonymous. So we need to use Kerberos or CredSSp for multiple hop. But CredSSP doesn't work in my case and I don't know why and Kerberos is too complex and hard to configure...

Thank you for your support, keep me informed if you have time to include winrm-elevated :).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants