JEA with Powershell

Welcome Forums General PowerShell Q&A JEA with Powershell

This topic contains 2 replies, has 3 voices, and was last updated by

 
Participant
1 year, 11 months ago.

  • Author
    Posts
  • #60216

    Participant
    Points: 0
    Rank: Member

    Hi All,

    My requirement was instead of giving full administrative rights, give some specific cmdlets right to a group of user. To perform this I am using JEA this works awesome in local machine with admin creds logged in i.e

    Enter-PSSession -ComputerName localhost -ConfigurationName Clients

    so through this i can see only limited cmdlets which i have given access to them, but when i am performing the same from remote machine its not working. i.e.

    Enter-PSSession -ComputerName "TestServer" -ConfigurationName Clients [gives ERROR]

    My question is do i need to pass admin creds to this bcz its working then

    Enter-PSSession -ComputerName "TestServer" -Credentials "Administrator" -ConfigurationName Clients (This Works)

    , but whats the point then i don't want to share admin creds with my clients. Kindly suggest on this. I only want the client group to provide the configuration name so that they can take pssession with it without passing admin creds.

  • #60223

    Participant
    Points: 0
    Rank: Member

    You will need to map the jea roles to users or groups so they can connect to the session you have setup.

    For your reading pleasure https://msdn.microsoft.com/powershell/jea/session-configurations

  • #60225

    Participant
    Points: 0
    Rank: Member

    Are you able to post your session configuration file? What's the error you get when you try and enter-PSSession from a remote machine?

    As Jon said, in your session configuration file you need to map your role capabilities to a group in Active Directory. See below for an example of what your PSSC file might look like.

    SchemaVersion = '2.0.0.0'
    GUID = 'GUID HERE'
    SessionType = 'RestrictedRemoteServer'
    RunAsVirtualAccount = $true
    RoleDefinitions = @{
        DOMAIN\GROUP' = @{
            'RoleCapabilities' = 'Clients' } }
    }
    

The topic ‘JEA with Powershell’ is closed to new replies.