Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Microsoft Azure

Execute Scripts Inside Azure VMs from the Portal

This post will show how to use the Run Command to execute PowerShell scripts inside an Azure virtual machine running Windows Server from the Azure Portal. Note that this can also be done using PowerShell, CLI, and REST API.

 

 

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

The Need

I often find myself in situations where I want to get something done with a virtual machine that I have access to via the Azure Portal but I haven’t got network access to it. I could configure network access and RDP into the virtual machine but that will either require time or an unwanted configuration change. I could use the Serial Access Console to log into the machine and get a PowerShell user interface but that’s more of a back door. What if I just want to run a one-off PowerShell script to get something done?

The Run Command

Microsoft added a new method for executing PowerShell scripts inside of a virtual machine in a simple, on-demand basis, called the Run Command. At any time, I can execute one of a set of supplied scripts or a custom script on one of several ways:

  • The Azure Portal
  • PowerShell from my PC, using the AzureRM PowerShell modules
  • CLI
  • REST API

This method requires that you have a certain level of permissions for the virtual machine in question. You must have the Microsoft.Compute/virtualMachines/runCommand/action permission, which is available to administrators with Contributor or higher rights over the virtual machine resource.

Using Run Command in the Azure Portal

You can find Run Command in the settings of a virtual machine under Operations.

Virtual machine Run Command in the Azure Portal [Image Credit: Aidan Finn]
Virtual Machine Run Command in the Azure Portal [Image Credit: Aidan Finn]
 

Here you will find a number of scripts, with fairly self-explanatory names, that can be executed from the Azure Portal directly inside the guest OS of a Windows virtual machine running in Azure.

You can select one, such as IPConfig, and click Run. Note that you can view the script that will be executed. A minute or two later, the results of the script are displayed on screen.

Running the supplied IPConfig script in an Azure virtual machine [Image Credit: Aidan Finn]
Running the Supplied IPConfig Script in an Azure Virtual Machine [Image Credit: Aidan Finn]
 

You can also run a custom script. When you select the RunPowerShellScript option in the Azure Portal, a small script editor appears. You can type a small script in here or you can copy/paste in something (probably larger) from a more serious script editor such as PowerShell ISE or VS Code.

Executing customer PowerShell commands or scripts inside an Azure virtual machine [Image Credit: Aidan Finn]
Executing Customer PowerShell Commands or Scripts Inside an Azure Virtual Machine [Image Credit: Aidan Finn]
 

When you are ready to run, click the Run button and wait. Note that if you just want to send a PowerShell script file into a virtual machine to run, then use PowerShell on your PC:

Invoke-AzureRmVMRunCommand -ResourceGroupName 'petri' -Name 'vm-petri-01' -CommandId 'RunPowerShellScript' -ScriptPath 'myscript.ps1'

Restrictions

There are some restrictions when you use Run Command:

  • The output of your command/script is limited to last 4096 bytes.
  • It takes at least 20 seconds for a script to run.
  • Your script/command will run as System.
  • You can only execute one script/command at a time.
  • Scripts that prompt you for input are not supported.
  • Once a script is started, you cannot cancel it.
  • A script must complete within 90 minutes or it will timeout.

Some early feedback to Microsoft has found that Run Command requires that the virtual machine has some level of outbound connectivity to the Internet, probably to supply the output from an extension to Azure.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.

Live on Tuesday, September 28th, at 9:30 AM ET!

GET-IT: EndPoint Management 1-Day Virtual Conference

The management of endpoints is complicated and the risks associated with having unsecured devices roaming outside the firewall are quickly becoming a targeted vector for malicious users. In this Petri one-day virtual conference, we will be diving deep into how you can improve the way you manage your endpoints and learn from industry experts and MVPs about best practices, available tools to streamline your operations, and what's coming soon with Windows 11.

RSVP Now!

Sponsored By

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: