-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need win_shell to run with elevated privileges #68086
Comments
Files identified in the description: If these files are inaccurate, please update the |
There are no errors in the output, it could be an error with double hop or something in the script itself. |
Is This A Bug?Hi! Thanks very much for your submission to Ansible. It sincerely means a lot to us. We're not sure this is a bug, and we don't mean for this to be confrontational. Let's explain what we're thinking:
The fix for the double hop problem as well as some other less common permissions issues with WinRM normally is to either use CredSSP or Kerberos with credential delegation auth, or use become on the task as documented at https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#limitations. As such, we're going to close this ticket. However, we're open to being corrected, should you wish to discuss. You can stop by one of our two mailing lists
Comments on closed tickets aren't something we monitor, so if you do disagree with this, a mailing list thread is probably appropriate. Thank you once again for this and your interest in Ansible! |
@ShachafGoldstein thanks for the quick response. I just tried to see if it was a double hop issue by adding the following: become: yes
become_method: runas
vars:
ansible_become_user: '{{ ansible_user }}'
ansible_become_pass: '{{ ansible_password }}' But still not updating config file. I ran the script locally instead and it updates configs that way. Do you know what else it could be? |
@aadams26 would rather chat about this on irc or ansible-project google group rather than a closed ticket, but does something else already have the file open? |
@jhawkesworth Hi, thank you I have already posted here: https://groups.google.com/forum/#!topic/ansible-project/2MPbadVGBcs And no, the file is not open, it is ported over using ansible and then immediately deleted once complete. In order to test that it was successfully working I simply transferred the file and ran it manually. It works perfectly when running powershell as admin. |
SUMMARY
Need win_shell to run local ps1 script file as elevated to modify file located in C:\Program Files.
ISSUE TYPE
COMPONENT NAME
win_shell
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
Ansible host:
CentOS 7
Target host:
Windows Server 2012
STEPS TO REPRODUCE
Authentication. NOTE user has local administrative privileges - part of 'Administrators' group.
Playbook
Imported task
EXPECTED RESULTS
Configuration update done through ps1 file should reflect in the WinCollect Configuration Console the way it does when running the script locally via RDP.
ACTUAL RESULTS
Configurations do not go through. I believe that this is because xml.save is unable to save to the file in C:\Program Files in spite of the user being part of the 'administrators' group. When I run this script locally I am able to see the changes no problem by running powershell as administrator and running the script file.
The text was updated successfully, but these errors were encountered: