JEA with Powershell

This topic contains 2 replies, has 3 voices, and was last updated by Profile photo of Monte Hazboun Monte Hazboun 7 months, 2 weeks ago.

  • Author
  • #60216
    Profile photo of Amar Helloween
    Amar Helloween

    Hi All,

    My requirement was instead of giving full administrative rights, give some specific cmdlets right to a group of user. To perform this I am using JEA this works awesome in local machine with admin creds logged in i.e

    Enter-PSSession -ComputerName localhost -ConfigurationName Clients

    so through this i can see only limited cmdlets which i have given access to them, but when i am performing the same from remote machine its not working. i.e.

    Enter-PSSession -ComputerName "TestServer" -ConfigurationName Clients [gives ERROR]

    My question is do i need to pass admin creds to this bcz its working then

    Enter-PSSession -ComputerName "TestServer" -Credentials "Administrator" -ConfigurationName Clients (This Works)

    , but whats the point then i don't want to share admin creds with my clients. Kindly suggest on this. I only want the client group to provide the configuration name so that they can take pssession with it without passing admin creds.

  • #60223
    Profile photo of Jonathan Warnken
    Jonathan Warnken

    You will need to map the jea roles to users or groups so they can connect to the session you have setup.

    For your reading pleasure

  • #60225
    Profile photo of Monte Hazboun
    Monte Hazboun

    Are you able to post your session configuration file? What's the error you get when you try and enter-PSSession from a remote machine?

    As Jon said, in your session configuration file you need to map your role capabilities to a group in Active Directory. See below for an example of what your PSSC file might look like.

    SchemaVersion = ''
    SessionType = 'RestrictedRemoteServer'
    RunAsVirtualAccount = $true
    RoleDefinitions = @{
        DOMAIN\GROUP' = @{
            'RoleCapabilities' = 'Clients' } }

You must be logged in to reply to this topic.