Invoke-Command as a "Protected User"


This topic contains 2 replies, has 2 voices, and was last updated by Participant 11 months, 2 weeks ago.

  • #81466

    Participant
    Points: 1
    Rank: Member

    In my dev env I'm trying out protected users and their admin abilities.
    I know that Protected Users put some restrictions on accounts, e.g. in terms of logon protocols, but I'm a bit confused by this behavior:

    So if I Invoke-Command against "localhost" I get Access denied. If I do it against a remote system, I'm getting in. What is the technical reason for this to happen?

  • #81527

    Keymaster
    Points: 1,625
    Helping Hand, Team Member
    Rank: Community Hero

    One reason might be Remoting not being enabled on your local system. It isn't enabled on client operating systems by default.

    • #85237

      Participant
      Points: 1
      Rank: Member

      We did some more testing with 2 computers:

      PC1 is able to run "invoke-command PC2 {hostname}", but not "invoke-command PC1 {hostname}"

      PC2 is able to run "invoke-command PC1 {hostname}", but not "invoke-command PC2 {hostname}"

      Both machines are running PS with accounts that have local admin permissions on both systems.

      However, when doing the same with an administrator that is NOT in the protected users group – both commands work.

      So it seems there is something fishy going on here.

      We have PS remoting enabled via GPO on all related endpoints and use it daily for mgmt.

      UPDATE: It also works with the protected users when adding "-Credential" to the command.

The topic ‘Invoke-Command as a "Protected User"’ is closed to new replies.
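
Added example, not part of the original thread: a PowerShell helper that reruns the test matrix described in the posts (local name, "localhost", a remote host, with and without `-Credential`) and records each outcome next to the caller's Protected Users membership. The function name `Test-RemotingMatrix` is hypothetical, `PC2` is the placeholder host name used in the thread, and the membership check assumes the group's well-known RID 525.

```powershell
# Added example: reproduce the thread's tests and tabulate which cases fail.
# Assumption: 'PC2' stands for a remote host that has PS remoting enabled.
function Test-RemotingMatrix {
    param(
        [string[]]$ComputerName = @('localhost', $env:COMPUTERNAME, 'PC2'),
        [pscredential]$Credential   # optional: the same account, supplied explicitly
    )

    # Protected Users is a well-known domain group (RID 525), so match on the
    # SID suffix in the current token instead of the (localizable) group name.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isProtected = [bool]($id.Groups | Where-Object { $_.Value -match '^S-1-5-21-.*-525$' })

    foreach ($target in $ComputerName) {
        foreach ($mode in 'Implicit', 'Explicit') {
            # The explicit-credential case only runs when a credential was passed in.
            if ($mode -eq 'Explicit' -and -not $Credential) { continue }

            $params = @{ ComputerName = $target; ScriptBlock = { hostname }; ErrorAction = 'Stop' }
            if ($mode -eq 'Explicit') { $params.Credential = $Credential }

            try {
                $detail = Invoke-Command @params
                $result = 'OK'
            } catch {
                $detail = $_.Exception.Message   # e.g. the "Access is denied" text
                $result = 'Failed'
            }

            [pscustomobject]@{
                User          = $id.Name
                ProtectedUser = $isProtected
                Target        = $target
                Credential    = $mode
                Result        = $result
                Detail        = $detail
            }
        }
    }
}

Test-RemotingMatrix | Format-Table -AutoSize -Wrap

# List the Kerberos tickets the logon session holds after the attempts.
klist
```

Running it once as a Protected Users member and once as an administrator outside the group gives two tables that can be compared row by row; pass `-Credential (Get-Credential)` to include the explicit-credential case from the update.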