WMI Windows Agents

This plugin is up for adoption! We are looking for new maintainers. Visit our Adopt a Plugin initiative for more information.

windows slaves windows slaves plugin windows slaves

Allows you to setup agents on Windows machines over Windows Management Instrumentation (WMI).

NOTICE OF DEPRECATION (May 2023)

This plugin will be deprecated in May of 2023. SSH is now a very viable, secure and robust solution for connecting to Windows based agents using native Windows binaries for OpenSSH Server or another method such as cygwin. There is also the Windows Cloud plugin for Jenkins which uses WinRM, a more modern remote management solution.

The method for connecting agents to the controller in this plugin, which is based on DCOM, has several pitfalls and issues and can be brittle. The SSH and other solutions can unify the method for connecting to all agents (Windows, Linux, macOS, etc.) in your infrastructure. It is highly recommended that you migrate to one of these other methods sooner rather than later.

Microsoft is tightening security on DCOM based on a CVE. Initial OS updates will require a registry change to enable the current security level, then in May of 2023 they will not have a way to override the secure behavior. The library used in this plugin was last released in ~2010 and does not have an active development team. Jenkins developers have decided to deprecate this plugin rather than try and maintain the library on our own.

If someone would like to keep the plugin going, they would need to adopt the plugin and update it to align with the changes that Microsoft is putting in to resolve the CVE.

Usage

Once the plugin is installed, a new launch type is available in the agent configuration. Once the agent configuration is saved, Jenkins will reconnect the agent using the plugin.

configuration

How does it work?

This section goes into the details of how the managed Windows agent launcher actually works.

Jenkins uses multiple protocols to install the actual agent as a Windows service and then start it. These protocols have been around for a quite some time.

Important
The installation process assumes that the JRE is installed and accessible on the agent. Please see Troubleshooting WMI Windows Agents if you need further help.
  • It first uses CIFS (also known as "Windows file share protocol") to push files into the agent. When used by someone with administrative privileges, Windows file shares expose what’s commonly known as "administrative shares", which are hidden exported directories that cover every drive in the system.

  • It then uses DCOM to talk to WMI to install and start a service remotely.

Troubleshooting

Changelog