Creating new pswa Authorization rule

Welcome Forums General PowerShell Q&A Creating new pswa Authorization rule

This topic contains 5 replies, has 2 voices, and was last updated by

5 years, 6 months ago.

  • Author
  • #10883

    Points: 0
    Rank: Member


    I have configured the pwsa on a windows 2012 server. The virtual directory and everything got installed properly and I can browse to the Windows Powershell Web Access Login page.
    But I need to create the authorization rule before I can login.
    Running below cmdlet gives the error:
    Add-PswaAuthorizationRule –UserName Contoso\JSmith -ComputerName Contoso_214 -ConfigurationName NewAdminsOnly

    Add-PswaAuthorizationRule : The specified directory service attribute or value does not exist.
    At line:1 char:1
    + Add-PswaAuthorizationRule –UserName Contoso\JSmith -ComputerName Contoso_214 -ConfigurationName NewAdminsOnly
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [Add-PswaAuthorizationRule], COMException
    + FullyQualifiedErrorId : AddRuleError,Microsoft.Management.PowerShellWebAccess.AddPswaAuthorizationRuleCommand

    Please help! NewAdminsOnly config has been already created.

  • #10892

    Points: 1
    Rank: Member

    Hey Amandeep!

    Are you do the Add-PSWAAuthorizationRule using PowerShell Remoting? There is a multi-hop issue. Also, the computer name should be fully qualified.

    Try to fully qualify the computername — you can also create a couple of test rules to narrow down the issue such as Add-PSWAAuthorizationRule -Username * -ComputerName MyComp.Domain.Pri -ConfigurationNAme * — Of course, you will want to delete these test rules, but this cna help see exactly where the problem is.

    Let me know if this helped!


  • #10904

    Points: 0
    Rank: Member

    Ok, first of all, thanks for replying. Here is what i am trying.

    I want to automate some stuff with powershell such as few members whom i give access could run those scripts using powershell web access(as they are the MAC users and not windows.). For this, i am setting a VM for windows 2012 standard edition server(It is not 2012 R2) with all my script modules installed there.

    As you suggested, i ran script with -UserName * and it worked and created the rule. However, it did not allow me to login giving authorization failure with that domain user for which i created the rule.

    Then, i created the rule with below command:
    Add-PswaAuthorizationRule –UserName * -ComputerName * -ConfigurationName *

    Giving access to everyone with every configuration. This allowed the domain user to login through the web console and issue commands.

    So, now i just need to see how can i give specific rights to specific users. And why the rule creation with specific username is failing. Please let me know if you have any further suggestions. Again, thanks for your anticipation.


  • #10925

    Points: 1
    Rank: Member

    Hi Aman!

    Check a couple of things – First – if the user is not an administrator, you will need to add them to the target remote servers local group "Remote Management Users". – Or create a new AD group and that group so you can easily add users.

    Here is an example of my rule for a regular user that has been added to that group.

    PS C:\> Add-PswaAuthorizationRule -UserName Company\Bobs -ComputerName s1.Company.Pri -ConfigurationName *

    Bobs is a regular user
    S1.Company.Pri is the remote computer I want Bobs to be able to use.

    Let me know how it goes!


  • #10935

    Points: 0
    Rank: Member

    Thanks, Still struggling with it. Everything works with * for a username but soon as i give specific user i get the error. Also tried that User as Admin on required machine on which access is required.

    Just a blind guess, do I need to be a domain admin in order to run this command?Currently I am not.

  • #11021

    Points: 1
    Rank: Member

    Are you standing at the server or using PowerShell remoting?

The topic ‘Creating new pswa Authorization rule’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort