win_psexec - Runs commands (remotely) as another (privileged) user

New in version 2.3.

Synopsis

Requirements

The below requirements are needed on the host that executes this module.

  • Microsoft PsExec

Parameters

Parameter Choices/Defaults Comments
chdir
path
Run the command from this (remote) directory.
command
required
The command line to run through PsExec (limited to 260 characters).
elevated
bool
    Choices:
  • no ←
  • yes
Run the command with elevated privileges.
executable
path
Default:
psexec.exe
The location of the PsExec utility (in case it is not located in your PATH).
hostnames
list
The hostnames to run the command.
If not provided, the command is run locally.
interactive
bool
    Choices:
  • no ←
  • yes
Run the program so that it interacts with the desktop on the remote system.
limited
bool
    Choices:
  • no ←
  • yes
Run the command as limited user (strips the Administrators group and allows only privileges assigned to the Users group).
nobanner
bool

(added in 2.4)
    Choices:
  • no ←
  • yes
Do not display the startup banner and copyright message.
This only works for specific versions of the PsExec binary.
noprofile
bool
    Choices:
  • no ←
  • yes
Run the command without loading the account's profile.
password
The password for the (remote) user to run the command as.
This is mandatory in order authenticate yourself.
priority
    Choices:
  • background
  • low
  • belownormal
  • abovenormal
  • high
  • realtime
Used to run the command at a different priority.
session
int

(added in 2.7)
Specifies the session ID to use.
This parameter works in conjunction with interactive.
It has no effect when interactive is set to no.
system
bool
    Choices:
  • no ←
  • yes
Run the remote command in the System account.
timeout
int
The connection timeout in seconds
username
The (remote) user to run the command as.
If not provided, the current user is used.
wait
bool
    Choices:
  • no
  • yes ←
Wait for the application to terminate.
Only use for non-interactive applications.

Notes

Note

Examples

- name: Test the PsExec connection to the local system (target node) with your user
  win_psexec:
    command: whoami.exe

- name: Run regedit.exe locally (on target node) as SYSTEM and interactively
  win_psexec:
    command: regedit.exe
    interactive: yes
    system: yes

- name: Run the setup.exe installer on multiple servers using the Domain Administrator
  win_psexec:
    command: E:\setup.exe /i /IACCEPTEULA
    hostnames:
    - remote_server1
    - remote_server2
    username: DOMAIN\Administrator
    password: some_password
    priority: high

- name: Run PsExec from custom location C:\Program Files\sysinternals\
  win_psexec:
    command: netsh advfirewall set allprofiles state off
    executable: C:\Program Files\sysinternals\psexec.exe
    hostnames: [ remote_server ]
    password: some_password
    priority: low

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
cmd
string
always
The complete command line used by the module, including PsExec call and additional options.

Sample:
psexec.exe -nobanner \\remote_server -u "DOMAIN\Administrator" -p "some_password" -accepteula E:\setup.exe
rc
int
always
The return code for the command

stderr
string
always
The error output from the command

Sample:
Error 15 running E:\setup.exe
stdout
string
always
The standard output from the command

Sample:
Success.


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author

  • Dag Wieers (@dagwieers)

Hint

If you notice any issues in this documentation you can edit this document to improve it.