How to use Knife winrm with Elevated Privileges


#1

Greetings Masters

I am logging in with user “manish”. When I run command prompt “run as administrator” and pass chef-client, my executions passes. But when I open command prompt normally, my chef-client fails. It is OK when I run it locally because I can run it as administrator. But I am trying to run it remotely from workstation using “knife winrm” and I fail. Could you please tell me if we have a switch in chef “knife winrm” which will run the command “chef-client” as administrator.

Regards
Manish


#2

Establishing a winrm connection with an admin user should run with administrative privileges. However, there are several commands that are known not to work over a winrm connection. The latest version of knife-windows (1.6.0) and the one released in the up coming chef-dk (0.18.22) provides a new command line argument --winrm-shell to the knife winrm command. You can specify elevated to this argument and all knife winrm commands will be run via a scheduled task to get around this winrm limitation. Note that the commands used with the elevated shell must be powershell.


#3

You can pass –x Administrator if you need and know the password.

Nathan Clemons
DevOps Engineer
Moxie Cloud Services (MCS)

O +1.425.467.5075
M +1.360.861.6291
E nclemons@gomoxie.com
W www.gomoxie.comhttp://www.gomoxie.com/


#4

I am lucky enough to get stuck with the issue just one day before new release. Your words are great relief. Thanks.

As I am writing, the latest version of chefDK is 0.17.17. And as you mentioned, we will see a new version (0.18.22) sometime today. I will wait for the new release.

Just to be prepared, Am I correct about following statement?

If I execute this command:
knife winrm --winrm-shell elevated NODENAME "chef-client -c c:/chef/client.rb" -m -x user-name -P "Super-secret-password"

This means that the chef-client command will be executed on my NODENAME with elevated privileges. 

Please correct me if I am wrong.