Script session with Gateway
2 votes
Hi,
Could you allow script session to run trough Devolutions Gateway please?
It could be useful to run a script on a specified host that is only accessible from the said Gateway.
I have a specific use case to demonstrate what I need:
We want to allow some less technical user (from our support) to run a script (stored in RDM/DVLS) to a host without being admin of the target.
Actually there is no possibility to configure script session to run trough Gateway, only remote PowerShell session can.
But that doesn't fit my need since I have to allow the user that run the session to be admin of the target without being able to restrict it to launch a defined script.
Thanks
All Comments (3)
Hello
It's not something that's supported currently, as you've discovered.
In the medium to long term (2024.3 / 2025.1 time frame) we're working towards introducing a companion service (Devolutions Agent) that will ultimately replace RDM Agent with a number of improvements (notably, it's properly integrated with Devolutions Gateway). That will directly support the use case that you mention.
In the shorter term, there is the possibility for improvement here since with the web-based WinRM we already support running scripts through the Gateway; in terms of letting a non-admin run an admin script that would be handled by PAM. The trick will be integrating that into RDM and I don't know the level of work involved there - the pieces all exist, it's would be a case of tying them together as an interim solution.
I'm going to create a ticket for this forum post and I'll raise it in the next planning meeting we have to see what's feasible to get something working sooner. It might be a little wait to get an answer on that (mainly due to the fact that it's the middle of summer and there is some crossover with different team members having responsibility here being on vacation at different times).
I'll update this post with further details. In the meantime, thanks for your patience and don't hesitate to post back with further questions or comments
Kind regards,
Richard Markievicz
Hi,
Is there any news about companion service / devolutions agent / ... or anything else that could help us to achieve this request?
Best regards
Hello
Thanks for your patience. There's been a lot of movement on our side in the time since you originally posted, but this isn't yet a feature we support directly. I've been speaking with the team and asked for an evaluation of what's needed to actually integrate this - we expect it to not be very time consuming - with a view for making this a roadmap item for 2026.3 (second part of this year).
To give you some solid details: we do now have script execution over Gateway, actually it's what the Hyper-V integration is built on. At its core it's a script execution framework. It's just not exposed to the user via the RDM or DVLS interface. So the first part is to add the user-side pieces to actually make this a generic, usable feature instead of something we are just using internally. Further our PAM solution has matured significantly and it seems that we can allow the script execution to use PAM credentials. There's some testing to be done on that side and make sure everything integrates correctly.
So, we are moving on this; I've a ticket assigned to a developer to fill in the details of exactly the pieces we still need to build but it seems like simple integration work. I'll post again once we have some roadmap information, but this is being worked on.
Thanks and kind regards,
Richard Markievicz