Windows Qemu-Agent RunAs

A

AdminSecNum

New Member
Feb 2, 2024
2
0
1
Hello,


I'm running into a problem right now with Windows, the qemu agent and impersonate.


I'm using the proxmox API to configure my windows VM which has the qemu agent installed.

When I join a domain and need to perform actions with a domain account, I can't execute a command with a domain account identity.

Or I am forced to set the service account of the qemu agent with this domain account, because the agent executes commands with the service account associated with it.

I've tried workarounds like running a powershell command with 'Start-Process -Credential' but nothing happens, the command only executes if I remove -Credential.
According to my research, this is probably due to the fact that a service account cannot impersonate.

Another solution for me was to start the WinRM service and run an Invoke-Command.

However, I'd like to get rid of this service.

Do you have any other tricks that would allow the qemu agent to usurp an account to launch commands?

On Vmware in the api I had -Username and -Password options.

So far, only the winrm option works, but you need to activate and configure the service.
 
Last edited:
Perhaps someone has direct experience with this and can help.

However, if you are in a corporate, or even SMB, environment where you have proper Windows domain and services, the Qemu-Agent is not how you should drive your Windows VM management.

The agent's primary goal is to act as a semi-ipmi type channel for power/backup coordination. It is intentionally restricted in what it can do and how it can act. It is not meant as WinRM replacement.

Additionally, it was designed and built for Linux guests and later retrofitted to Windows. Only essential parts are implemented and tested.

https://access.redhat.com/documenta...on_administration_guide/chap-qemu_guest_agent
https://qemu-project.gitlab.io/qemu/interop/qemu-ga.html
https://wiki.qemu.org/Features/GuestAgent
https://wiki.libvirt.org/Qemu_guest_agent.html

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom