How to use Knife winrm with Elevated Privileges


Greetings Masters

I am logging in with user “manish”. When I run command prompt “run as administrator” and pass chef-client, my executions passes. But when I open command prompt normally, my chef-client fails. It is OK when I run it locally because I can run it as administrator. But I am trying to run it remotely from workstation using “knife winrm” and I fail. Could you please tell me if we have a switch in chef “knife winrm” which will run the command “chef-client” as administrator.



Establishing a winrm connection with an admin user should run with administrative privileges. However, there are several commands that are known not to work over a winrm connection. The latest version of knife-windows (1.6.0) and the one released in the up coming chef-dk (0.18.22) provides a new command line argument --winrm-shell to the knife winrm command. You can specify elevated to this argument and all knife winrm commands will be run via a scheduled task to get around this winrm limitation. Note that the commands used with the elevated shell must be powershell.


You can pass –x Administrator if you need and know the password.

Nathan Clemons
DevOps Engineer
Moxie Cloud Services (MCS)

O +1.425.467.5075
M +1.360.861.6291
W www.gomoxie.com


I am lucky enough to get stuck with the issue just one day before new release. Your words are great relief. Thanks.

As I am writing, the latest version of chefDK is 0.17.17. And as you mentioned, we will see a new version (0.18.22) sometime today. I will wait for the new release.

Just to be prepared, Am I correct about following statement?

If I execute this command:
knife winrm --winrm-shell elevated NODENAME "chef-client -c c:/chef/client.rb" -m -x user-name -P "Super-secret-password"

This means that the chef-client command will be executed on my NODENAME with elevated privileges. 

Please correct me if I am wrong.