new-pssession and Group Policies

This topic contains 3 replies, has 2 voices, and was last updated by  Don Jones 3 months, 2 weeks ago.

  • Author
    Posts
  • #76480

    marius
    Participant

    A PowerShell script uses the new-pssession cmdlet to create a session on a Windows Server 2008 server member of an Active Directory domain using the username and password of a domain user member of the AD domain.
    The same script uses the invoke-command cmdlet to run some code on the target server.
    In the AD domain there are some Group Policies that must be executed when the user logs on locally to configure his/her environment, execute logon scripts, map network drives and so on.
    I noticed that the group policies are not executed when the credentials of the domain user are used by new-pssession so that when invoke-command is used the settings implemented by the policies are not set.
    How can I tell new-pssession to execute the group policies assigned to the AD domain user?
    As having the right confnguration is critical, should I use a different cmdlet instead?
    Regards
    marius

  • #76483

    Don Jones
    Keymaster

    A PSSession is not a "logon." It's like connecting to a file server – you don't get policies applied for that connection, either. None of the client logon pieces of Windows run when you connect via PSSession; there's no way to make GPOs apply. A PSSession also doesn't get any kind of profile space – again, it's like connecting to a file server, not logging on.

    Short of logging on either locally or via Remote Desktop, there's no way to make GPOs happen.

  • #76514

    marius
    Participant

    Many thanks for the detailed answer.
    Is there any way to execute code on a remote server "after" applying the Group Policy settings assigned to the domain user whose credentials are used to connect to the server?
    Regards
    mariua

  • #76517

    Don Jones
    Keymaster

    I'm not sure what you mean – there's no way to apply Group Policy settings, so I'm not sure how you'd execute code?

    Keep in mind that a remote session all happens inside Wsmprovhost.exe. There's no way to run a logon script or anything else in there. It's not a "full Windows" session. It's like asking, "how can I run Group Policy inside Notepad?"

You must be logged in to reply to this topic.