Documentation for infrabot

Answers to questions

Bot will have administrative access on server?

That depends on you. Service can work with non administrative restricted user account or with Active Directory Managed Service Account. However you must be sure that user will have access to infrabot installed folder and access to run PowerShell.

But if Bot will not have administrative access, how it will be able to execute tasks which need administrative permissions?

You will have to configure it in your script or executable. You can perform any administrative tasks using credentials in your script. Example:

#Administrative account
$CredentialUser = "DOMAIN\admin_user"
$CredentialPassword = ConvertTo-SecureString "my_strong_password" -AsPlainText -Force
#Creating Credential variable to pass to any command
$Credential = New-Object System.Management.Automation.PSCredential ($CredentialUser, $CredentialPassword)

#Now you can pass $Credential to any command
#For example invoke command on remote server using administrative account
Invoke-Command -ComputerName my_server -ScriptBlock { hostname } -Credential $Credential

Is it safe?

Absolutely, but it depends on how are you going to configure bot. If you want the safest option, then you have to configure user access restriction. Bot will execute commands only from specified by you users (see telegram_allowed_chats_id on Config Overview page).

But what about commands which bot can execute?

This fully depends on you as well. Bot knows only that commands which which are installed via plugins. You can create any plugin and its functionality you want. If you delete .plug file of the appropriate command in plugins directory, that command will be deleted and will not be available for using, however there are several common default commands, which could not be deleted but could be turned off or given access to, using the configuration file.