Configuring Elevated Privileges

There are various scenarios that require us to execute applications with elevated privileges. It’s common for this requirement to surface during lift and shift efforts.

This configuration is done in the Service Definition file. It requires us to specify the Runtime Execution Context to elevated.

Runtime Configuration Template

This template uses the ProgramEntryPoint as an EntryPoint. Roles also support NetFxEntryPoint.

<Runtime executionContext="[limited|elevated]">
     <Variable name="<variable-name>" value="<variable-value>">
      <RoleInstanceValue xpath="<xpath-to-role-environment-settings>"/>
     <ProgramEntryPoint commandLine="worker.cmd" setReadyOnProcessStart="true" />

Sample ServiceDefinition

This sample ServiceDefinition was generated using the Add-AzureWorkerRole PowerShell command.

<?xml version="1.0" encoding="utf-16"?>
<ServiceDefinition xmlns:xsd="" xmlns:xsi="" name="briseboisDemo3" xmlns="">
  <WorkerRole name="Compute">
      <Task commandLine="setup_worker.cmd &gt; log.txt" executionContext="elevated">
          <Variable name="EMULATED">
            <RoleInstanceValue xpath="/RoleEnvironment/Deployment/@emulated" />
          <Variable name="RUNTIMEID" value="" />
          <Variable name="RUNTIMEURL" value="" />
      <Task commandLine=".\startup.cmd &gt; startup_log.txt" executionContext="elevated" />
      <InputEndpoint name="HttpIn" protocol="tcp" port="80" />
    <Runtime executionContext="elevated">
        <Variable name="PORT">
          <RoleInstanceValue xpath="/RoleEnvironment/CurrentInstance/Endpoints/Endpoint[@name='HttpIn']/@port" />
        <Variable name="EMULATED">
          <RoleInstanceValue xpath="/RoleEnvironment/Deployment/@emulated" />
        <ProgramEntryPoint commandLine="worker.cmd" setReadyOnProcessStart="true" />

Deploying the Cloud Service

There is nothing different about deploying a Cloud Service that executes with elevated privileges. Using your tool of preference, create a new Cloud Service package and deploy it to Microsoft Azure.

Using PowerShell to package the Cloud Service requires you to navigate to the Cloud Service directory and execute the Save-AzureServiceProjectPackage command. This will produce a cloud_package.cspkg package file.

To deploy Azure Cloud Services, I usually use PowerShell. This is an example of what you may write yourself.

New-AzureDeployment `
                -Package 'C:\\cloud_package.cspkg' `
                -Configuration 'C:\\ServiceConfiguration.Cloud.cscfg' `
                -Slot Production `
                -Label 'Compute-2015-02-17' `
                -ServiceName  'DemoCloudService' `
                -Name 'DemoCloudService' `


No Comments

Be the first to start the conversation!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.