Open for Voting

FEATURE REQUEST - Powershell component - run as administrator

Hello

This one is (in my head at least) quite simple and straightforward: how come we can't have a PowerShell component run with administrator permissions on a node with an agent installed?

My request should in theory be quite simple to add: just a checkbox in the PowerShell component saying "Run as administrator", and then it will do just that.

You should already have code that does just that, requiring only minor adjustments: while remotely deploying an agent, you require the installer to run with administrator elevation to install.

My specific use-case is monitoring a scheduled task that is in a custom folder that requires local admin permissions, but there are many other scenarios where administrator permissions could be required to monitor something.

This request could also be extended to the "Windows Script monitor" and "Linux/Unix Script Monitor" (SUDO instead of administrator, obviously).

Edit:

Specifically, I mean a PowerShell session elevated to full administrator permissions. A way to test this is with the script below:

    $currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())

    if ($currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Write-Host "Message:This powershell session does have administrator permissions"
        Write-Host "Statistic:0"
    } else {
        Write-Host "Message:This powershell session does NOT have administrator permissions"
        Write-Host "Statistic:100"
    }

This will only return with statistic 0 if the PowerShell session is elevated to administrator permissions.
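The check above reports only "elevated" or "not elevated". The following added example (not part of the original post, and not SolarWinds code) extends it to separate an account that is in the local Administrators group but running with a UAC-filtered token from an account that is not an administrator at all. The Statistic values 0/50/100 and the variable names are assumptions made for this example.

```powershell
# Added example: distinguishes "elevated", "admin but UAC-filtered" and "not admin".
# Statistic values 0 / 50 / 100 are an assumed convention for this example.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# True only when the Administrators group is enabled in the current token,
# i.e. the session is actually elevated.
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# whoami lists every group in the token, including deny-only ones.
# /nh drops the localized header row so the columns can be named here.
$groups = whoami /groups /fo csv /nh |
    ConvertFrom-Csv -Header Name, Type, SID, Attributes

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
$adminRow = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }

# S-1-16-* rows are mandatory integrity labels (for example S-1-16-12288 = High).
$integrity = $groups | Where-Object { $_.SID -like 'S-1-16-*' } | Select-Object -First 1
$level = if ($integrity) { $integrity.Name } else { 'unknown integrity level' }

if ($elevated) {
    Write-Host "Message:$($identity.Name) is running elevated ($level)"
    Write-Host "Statistic:0"
} elseif ($adminRow) {
    # The group is present in the token but not enabled: a filtered (non-elevated) token.
    Write-Host "Message:$($identity.Name) is in Administrators but the token is not elevated ($level)"
    Write-Host "Statistic:50"
} else {
    Write-Host "Message:$($identity.Name) is not a member of Administrators ($level)"
    Write-Host "Statistic:100"
}
```

A result of 50 means that changing group membership will not help and the session itself has to be started elevated; a result of 100 means the account lacks the right in the first place.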


  • I got around the code execution issues by adding the Solarwinds Orion server as a user on the remote machine. Select Object Types, then click on Computer then add the hostname of your Orion server.

    Then your Orion server can have admin rights when it runs its scripts against the remote machine.

  • What you are stating is not just firewall for "security reasons". Windows (Microsoft) has worked hard to stop random code from executing. I believe you may be conflating local user/file permissions with global permissions. If your script is to figure out if you are using Administrator in PowerShell, it'd just be simpler to use the commands "whoami" and "net localgroup administrators".

    Code execution occurs at the shell level or if you set the shell execution to administrator within registry, GPO, or services. Most of these I would not recommend as this process is probably occurring on a production server. If this is just to elevate the script to execute, there are much simpler methods to automate this process. Could you elaborate on what it is you are trying to achieve?

  • Yes, this is a possible workaround to the issue by running the code remotely from the Orion polling engine; however, there are multiple instances where remote code execution is either not possible (e.g. PowerShell remoting [WinRM] is blocked by a firewall for security reasons) or simply just very impractical to resolve a monitoring need.

  • I do like me some PowerShell, but this is more of a SolarWinds agent thing than a PowerShell thing.