How to execute a command with another account within a windows script

Issue

Jobs On A Windows Agent Require Administrator Privileges

Environment

Cloudbees Jenkins Enterprise

Jenkins

Resolution

By using the elevate - Command-Line UAC Elevation Utility (elevate.exe) and disabling UAC on the Windows machine, commands can be run with Administrator Privileges.

Please see the simple use case below:

Test environment consisting of a Jenkins Master and a Windows 7 JNLP Agent.

I downloaded the elevate-1.3.0-redist.7z file from the link above and put into the C:\Users\cloudbees\Downloads\elevateUtility directory on the Windows 7 machine.

I disabled UAC as documented in the link above.

I created an adminTest.bat file in the C:\Users\cloudbees\Documents directory that contained:

   ::Test If script has Admin Priviledges/is elevated
   net session >nul 2>&1
   IF %ERRORLEVEL% EQU 0 (
    ECHO you are Administrator
   ) ELSE (
    ECHO you are NOT Administrator. Exiting...
    PING 127.0.0.1 > NUL 2>&1
    EXIT /B 1
   )

I created a Freestyle project called testElevate on my Jenkins Master that was restricted to run on the Windows agent machine with the following Windows bat command step:

   echo "Begin elevate Test"
   cd C:\Users\cloudbees\Documents
   C:\Users\cloudbees\Downloads\elevateUtility\bin.x86-32\elevate.exe -k adminTest.bat

which produced the following on the Windows JNLP Agent:

Windows7ScreenShot.png

With this proposed solution you should be able to modify the specific projects/jobs in Jenkins to execute commands
like .bat files with elevate for example, to get Administrator privileges.

Please note that I used the -k flag in the elevate.exe command to cause the cmd prompt to remain open to validate and document the output of the adminTest.bat file.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.