
August 2, 2017 at 4:01 pm

A PowerShell script uses the new-pssession cmdlet to create a session on a Windows Server 2008 server member of an Active Directory domain using the username and password of a domain user member of the AD domain.
The same script uses the invoke-command cmdlet to run some code on the target server.
In the AD domain there are some Group Policies that must be executed when the user logs on locally to configure his/her environment, execute logon scripts, map network drives and so on.
I noticed that the group policies are not executed when the credentials of the domain user are used by new-pssession so that when invoke-command is used the settings implemented by the policies are not set.
How can I tell new-pssession to execute the group policies assigned to the AD domain user?
As having the right configuration is critical, should I use a different cmdlet instead?

August 2, 2017 at 4:06 pm

A PSSession is not a "logon." It's like connecting to a file server – you don't get policies applied for that connection, either. None of the client logon pieces of Windows run when you connect via PSSession; there's no way to make GPOs apply. A PSSession also doesn't get any kind of profile space – again, it's like connecting to a file server, not logging on.

Short of logging on either locally or via Remote Desktop, there's no way to make GPOs happen.

August 2, 2017 at 9:50 pm

Many thanks for the detailed answer.
Is there any way to execute code on a remote server "after" applying the Group Policy settings assigned to the domain user whose credentials are used to connect to the server?

August 2, 2017 at 9:53 pm

I'm not sure what you mean – there's no way to apply Group Policy settings, so I'm not sure how you'd execute code?

Keep in mind that a remote session all happens inside Wsmprovhost.exe. There's no way to run a logon script or anything else in there. It's not a "full Windows" session. It's like asking, "how can I run Group Policy inside Notepad?"
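
The following check is an added example, not part of the original thread: it opens a PSSession and reports what the remote environment looks like, so a script can confirm it is running inside the remoting host rather than a logged-on desktop before relying on logon-time settings. The server name is a placeholder, and the properties collected are an assumption about what is useful to inspect.

```powershell
# Added example (not from the thread). $server is a placeholder name.
$server = 'SERVER01.example.test'
$cred   = Get-Credential   # the domain user whose logon settings were expected

$session = New-PSSession -ComputerName $server -Credential $cred
try {
    $report = Invoke-Command -Session $session -ScriptBlock {
        # $PID is the process hosting this remote runspace.
        $proc = Get-Process -Id $PID

        New-Object PSObject -Property @{
            # Per the answer above, this should be the remoting host (wsmprovhost).
            HostProcess  = $proc.ProcessName
            # Terminal Services session ID the host process runs in.
            SessionId    = $proc.SessionId
            # Whether the process considers itself interactive.
            Interactive  = [Environment]::UserInteractive
            # Network drives visible to this session; logon-script mappings
            # will be missing if no logon processing took place.
            MappedDrives = @(Get-WmiObject -Class Win32_MappedLogicalDisk |
                               ForEach-Object { $_.DeviceID })
            # Profile path the session sees, for comparison with a desktop logon.
            UserProfile  = $env:USERPROFILE
        }
    }

    $report | Format-List HostProcess, SessionId, Interactive, MappedDrives, UserProfile

    if ($report.HostProcess -eq 'wsmprovhost') {
        Write-Warning 'Running inside the remoting host: do not rely on logon scripts or user GPO settings here.'
    }
}
finally {
    # Always close the session, even if the remote command failed.
    Remove-PSSession -Session $session
}
```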