PS-Remoting

This topic contains 1 reply, has 2 voices, and was last updated by Profile photo of tommymaynard tommymaynard 6 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #37132
    Profile photo of amit aman
    amit aman
    Participant

    I have enable PS remoting on one of the Domain controller and given permission to one service account by command: Set-PSSessionConfiguration -Name Microsoft.PowerShell –showSecurityDescriptorUI

    User wants to execute command powershell command "Set-ADUser -Identity thpoo -ChangePasswordAtLogon $true" but getting access denied, however working fine for Domain admins.
    Kindly assist

    #37133
    Profile photo of tommymaynard
    tommymaynard
    Participant

    Your user doesn't have the proper privilege in Active Directory. Either assign them to a group that does, or modify the permission of their AD user object (their user account). I'd probably shoot for the first of these two options.

    In case it's unclear, the -ShowSecurityDescriptorUI parameter of the Set- and Register-PSSessionConfiguration cmdlets, is for modifying the permissions on the endpoint (think, who can and can't use the endpoint). It's about giving them access to use this endpoint — the Microsoft.PowerShell (default) endpoint, in this instance. Just a thought, but if it were me, I'd leave this endpoint or session configuration alone, and create a new one that this user can use. Just a thought.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.