How To Launch A Task With Highest Privileges
ISSUE TYPE
.cmd in Windows Server 2008 task scheduler w/o highest privileges. Start task manually, and it finishes with code 0x1. 'Run with highest privileges' just tells.
How To Launch A Task With Highest Privileges In Windows 10
- Feature Idea
COMPONENT NAME
win_scheduled_task
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
Linux server managing a Windows host.
SUMMARY
Currently Ansible's scheduled_task module only allows setting a user, but the task will run unelevated at Medium Integrity level.
Windows, Scheduled Tasks have an option 'Run with highest privileges', which means the task will run as an administrator (elevated) with Mandatory Label High Mandatory integrity level (if the user is an administrator).
I suggest that Ansible's scheduled_task module exposes this as a runlevel parameter with the options Highest and Limited and default to Limited. This matching sytle with PowerShell.
Many tasks in Windows unfortunately cannot be completed via win_command, win_shell, or win_psexec because they do not work with a remote logon and require a local logon. Using a scheduled task is a way to work around this. However such tasks often require administrator privileges. One concrete example is trying to do Windows Update related tasks (when Ansible's win_updates is too basic).
My current workaround is to run a powershell script that modifies the scheduled task, setting the principal to a new principal object that has runlevel highest, I also then start the scheduled task immediately as I'm just using it as a trick to work-around Windows Remoting limitations mentioned above.
STEPS TO REPRODUCE
Setup a scheduled task to run whoami /all and look at the output.
EXPECTED RESULTS
Running as medium integrity level. But I'd like an easy option to allow running as High.
ACTUAL RESULTS
Running as medium integrity level.