
October 18, 2013 at 2:21 am

Hello,

I have configured PSWA on a Windows 2012 server. The virtual directory and everything got installed properly and I can browse to the Windows PowerShell Web Access login page.
But I need to create the authorization rule before I can log in.
Running the below cmdlet gives the error:
Add-PswaAuthorizationRule –UserName Contoso\JSmith -ComputerName Contoso_214 -ConfigurationName NewAdminsOnly

Add-PswaAuthorizationRule : The specified directory service attribute or value does not exist.
At line:1 char:1
+ Add-PswaAuthorizationRule –UserName Contoso\JSmith -ComputerName Contoso_214 -ConfigurationName NewAdminsOnly
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Add-PswaAuthorizationRule], COMException
+ FullyQualifiedErrorId : AddRuleError,Microsoft.Management.PowerShellWebAccess.AddPswaAuthorizationRuleCommand

Please help! The NewAdminsOnly config has already been created.

October 18, 2013 at 7:44 am

Hey Amandeep!

Are you doing the Add-PSWAAuthorizationRule using PowerShell Remoting? There is a multi-hop issue. Also, the computer name should be fully qualified.

Try to fully qualify the computer name — you can also create a couple of test rules to narrow down the issue such as Add-PSWAAuthorizationRule -Username * -ComputerName MyComp.Domain.Pri -ConfigurationName * — Of course, you will want to delete these test rules, but this can help see exactly where the problem is.

Let me know if this helped!

Jason

October 19, 2013 at 11:07 pm

OK, first of all, thanks for replying. Here is what I am trying.

I want to automate some stuff with PowerShell so that a few members whom I give access could run those scripts using PowerShell Web Access (as they are Mac users and not Windows). For this, I am setting up a VM for a Windows 2012 Standard edition server (it is not 2012 R2) with all my script modules installed there.

As you suggested, I ran the script with -UserName * and it worked and created the rule. However, it did not allow me to log in, giving an authorization failure with the domain user for which I created the rule.

Then, I created the rule with the below command:
Add-PswaAuthorizationRule –UserName * -ComputerName * -ConfigurationName *

Giving access to everyone with every configuration. This allowed the domain user to log in through the web console and issue commands.

So, now I just need to see how I can give specific rights to specific users, and why the rule creation with a specific username is failing. Please let me know if you have any further suggestions. Again, thanks for your anticipation.

Thanks,
Aman.
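
An added example, not part of the thread or any poster's code: once the `* * *` test rule above has served its purpose, the gateway's rules can be audited for wildcards and the fully open ones removed. The helper name Find-PswaWildcardRule is hypothetical, and the property names User, Destination and ConfigurationName are assumed from the columns Get-PswaAuthorizationRule displays.

```powershell
# Run in an elevated session on the PSWA gateway itself (not over remoting).
Import-Module PowerShellWebAccess

# Hypothetical helper: flags rules whose user, computer or configuration is '*'.
# Property names (User, Destination, ConfigurationName) are assumed from the
# columns Get-PswaAuthorizationRule displays.
function Find-PswaWildcardRule {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Rule)
    process {
        $open = @()
        if ($Rule.User -eq '*')              { $open += 'User' }
        if ($Rule.Destination -eq '*')       { $open += 'Computer' }
        if ($Rule.ConfigurationName -eq '*') { $open += 'Configuration' }
        if ($open.Count -gt 0) {
            [pscustomobject]@{
                Id            = $Rule.Id
                RuleName      = $Rule.RuleName
                User          = $Rule.User
                Destination   = $Rule.Destination
                Configuration = $Rule.ConfigurationName
                Wildcards     = $open -join ','
                FullyOpen     = ($open.Count -eq 3)
            }
        }
    }
}

$findings = @(Get-PswaAuthorizationRule | Find-PswaWildcardRule)
$findings | Sort-Object FullyOpen -Descending | Format-Table -AutoSize

# Preview removal of rules that are wildcard in all three fields.
# Drop -WhatIf once the list is what you expect.
$findings | Where-Object FullyOpen |
    ForEach-Object { Remove-PswaAuthorizationRule -Id $_.Id -WhatIf }

# Confirm the intended specific grant still matches after cleanup
# (values are the ones from the thread's first post).
Test-PswaAuthorizationRule -UserName 'Contoso\JSmith' `
    -ComputerName 'Contoso_214' -ConfigurationName 'NewAdminsOnly'
```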

October 20, 2013 at 8:23 am

Hi Aman!

Check a couple of things – First – if the user is not an administrator, you will need to add them to the target remote server's local group "Remote Management Users". – Or create a new AD group and add that group so you can easily add users.

Here is an example of my rule for a regular user that has been added to that group.

PS C:\> Add-PswaAuthorizationRule -UserName Company\Bobs -ComputerName s1.Company.Pri -ConfigurationName *

Bobs is a regular user
S1.Company.Pri is the remote computer I want Bobs to be able to use.

Let me know how it goes!

Jason

October 21, 2013 at 4:16 am

Thanks, still struggling with it. Everything works with * for a username, but as soon as I give a specific user I get the error. Also tried that user as Admin on the required machine on which access is required.

Just a blind guess, do I need to be a domain admin in order to run this command? Currently I am not.

October 23, 2013 at 4:48 pm

Are you standing at the server or using PowerShell remoting?