microsoft / winget-cli

WinGet is the Windows Package Manager. This project includes a CLI (Command Line Interface), PowerShell modules, and a COM (Component Object Model) API (Application Programming Interface).
https://learn.microsoft.com/windows/package-manager/
MIT License
23.18k stars 1.45k forks

Credentials #2455

Open chadleywilson opened 2 years ago

chadleywilson commented 2 years ago

Description of the new feature / enhancement

winget upgrade --all

Most apps just upgrade and this is fantastic; they are per-user apps. Here is a list of apps that required elevation which we use.

| Name | Id | Version | Available | Source |
| --- | --- | --- | --- | --- |
| 7-Zip 21.07 (x64) | 7zip.7zip | 21.07 | 22.01 | winget |
| Git | Git.Git | 2.37.0 | 2.37.2.2 | winget |
| Notepad++ (64-bit x64) | Notepad++.Notepad++ | 8.4.2 | 8.4.4 | winget |
| Windows Software Development Kit - Windows 10… | Microsoft.WindowsSDK | < 10.0.22000.832 | 10.0.22621.1 | winget |
| Google Chrome | Google.Chrome | 104.0.5112.81 | 104.0.5112.102 | winget |
| Microsoft Visual C++ 2015-2019 Redistributabl… | Microsoft.VC++2015-2019Redist-x64 | 14.25.28508.3 | 14.29.30139.0 | winget |
| Teams Machine-Wide Installer | Microsoft.Teams | 1.4.0.22976 | 1.5.00.17656 | winget |
| Adobe Acrobat Reader DC | Adobe.Acrobat.Reader.32-bit | 22.001.20117 | 22.002.20191 | winget |
| Microsoft Visual Studio Code | Microsoft.VisualStudioCode | 1.69.2 | 1.70.1 | winget |

We can't use this very promising tool to automate the upgrades, as this is a show stopper on 2000 computers. In our environment, any domain or service account with local admin access can't run WinGet (not for the lack of hacking it out and trying). It simply refuses to run using a service account. We did manage to get it to work by physically logging on to a laptop (at the keyboard) with the service account; after that, the service account has access to WinGet. But we cannot do this on 2000k computers spread across the UK. We don't have the manpower or resources for this type of project.

Proposed technical implementation details

The way I see it, we need one of two routes here, or both. If we could supply credentials in a PowerShell script using get-credentials, which could then be passed on to the apps that need it, or if we could distribute the WinGet app to "all users" (machine context) using Intune that would work as well.

The downside I see in the all users route is we would need to maintain 2 scripts:

  1. a list of apps that require "elevation"
  2. a list of user apps

This means if we don't constantly monitor and compare, we would end up missing apps.

Also, as WinGet is not already present on all computers, better instructions on how we can get it installed, possibly with an Intune offline installer to be used on all computers.

Trenly commented 2 years ago
denelon commented 2 years ago

Related to #2434

Inf-Sub commented 1 year ago

I will add that the confirmation of administrator rights for each individual program from the installation / update package is hell for the administrator when using winget.

blackdoc111 commented 1 year ago

1

magoerlich commented 9 months ago

Yeah, please +1

A lot of PowerShell commands already support -Credential. Please add this to winget; it will make software management much more scriptable.