WMI Windows Agents

Deprecated: This plugin has been marked as deprecated. In general, this means that this plugin is either obsolete, no longer being developed, or may no longer work.

More information about the cause of this deprecation, and suggestions on how to proceed may be found in the documentation below.

Allows you to setup agents on Windows machines over Windows Management Instrumentation (WMI).

NOTICE OF DEPRECATION

This plugin is deprecated. SSH is now a very viable, secure and robust solution for connecting to Windows based agents using native Windows binaries for OpenSSH Server or another method such as cygwin. There is also the Windows Cloud plugin for Jenkins which uses WinRM, a more modern remote management solution.

The method for connecting agents to the controller in this plugin, which is based on DCOM, has several pitfalls and issues and can be brittle. The SSH and other solutions can unify the method for connecting to all agents (Windows, Linux, macOS, etc.) in your infrastructure. It is highly recommended that you migrate to one of these other methods sooner rather than later.

Microsoft is tightening security on DCOM based on a CVE. Initial OS updates will require a registry change to enable the current security level, then on the 1th of March of 2023 they will not have a way to override the secure behavior. The library used in this plugin was last released in ~2010 and does not have an active development team. Jenkins developers have decided to deprecate this plugin rather than try and maintain the library on our own.

If someone would like to keep the plugin going, they would need to adopt the plugin and update it to align with the changes that Microsoft is putting in to resolve the CVE.

Usage

Once the plugin is installed, a new launch type is available in the agent configuration. Once the agent configuration is saved, Jenkins will reconnect the agent using the plugin.

configuration

How does it work?

This section goes into the details of how the managed Windows agent launcher actually works.

Jenkins uses multiple protocols to install the actual agent as a Windows service and then start it. These protocols have been around for a quite some time.

Important
The installation process assumes that the JRE is installed and accessible on the agent. Please see Troubleshooting WMI Windows Agents if you need further help.

  • It first uses CIFS (also known as "Windows file share protocol") to push files into the agent. When used by someone with administrative privileges, Windows file shares expose what’s commonly known as "administrative shares", which are hidden exported directories that cover every drive in the system.

  • It then uses DCOM to talk to WMI to install and start a service remotely.

Troubleshooting

Changelog

Version: 1.8.1
Released:
Requires Jenkins 2.249.1
ID: windows-slaves
Installed on 34.7% of instances
View detailed version information
Links
GitHub
Open issues (Jira)
Report an issue (Jira)
Extension Points
Javadoc
Labels
deprecated
Agent Management
windows
Maintainers
Andres Rodriguez
Jesse Glick
Oleg Nenashev
rsandell
James Nord
Carroll Chiou
Liam Newman
Olivier Lamy
Ramon Leon
Bruno Verachten
Help us improve this page!
To propose a change submit a pull request to the plugin page on GitHub.
Previous Security Warnings