winget with remote access

tm589 0 Reputation points
2023-11-27T13:50:49.9033333+00:00

Hello,

We can use our remote maintenance program (NinjaOne) to run Powershell or CMD as a system or with another user. We would like to use Winget to update the programs on the clients in silent mode. However, winget requires a logged-in user who also has administrative rights.

The rule is that users only have user rights. Is there a way that I can now log in the domain administrator in the background via Powershell and execute the Winget command "upgrade -h -r" there? Alternatively, that the Powershell command runs in the background for the logged-in user, but with elevated rights?

I am also open to alternatives.

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,142 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,904 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. White, Brad C 0 Reputation points
    2023-11-29T03:02:18.8766667+00:00

    "Is there a way that I can now log in the domain administrator in the background via Powershell..."

    I hope you're not referring to an actual Domain Admin account (i,e. a domain account in the Domain Admins Security Group). That should be locked down so it can only be used with Domain Controllers.

    In regards to your question, I just worked through this myself. WinGet still isn't exactly designed to be ran as a System account. NinjaOne is likely trying to perform actions as System, so the WinGet verb isn't recognized, as it's only on the PATH of a logged-in User.

    There are a couple different ways to get this to work. I'm personally using the below (thanks to /u/u/naps1saps on Reddit).

    This would install vlc as System (i,e. with NinjaOne. or any RMM). For your purpose you could modify it to do winget upgrade --all --silent, but the $path variable and second half of the script is how it is able to run as System.

    $app = 'vlc';
    $path = Resolve-Path -Path 'c:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe\winget.exe';
    $args = "install $app --source msstore --scope machine --accept-package-agreements --accept-source-agreements";
    
    If (Test-Path $path -PathType Leaf) {
        $p = Start-Process -FilePath $path -WindowStyle Hidden -PassThru -ArgumentList $args;
        $p.WaitForExit();
    } else {
        Write-Output 'Winget path invalid';
    }
    
    0 comments No comments