Session (endpoint) Configuration
April 25, 2020 at 12:25 pm #222387
My goal is to create an endpoint to allow non-administrative users to invoke a remote session to a server but only allow them specific cmdlets to execute.
As a test, on my laptop, I created the ‘LockDown’ Session and only allowed the cmdlet ‘Get-Date’ to execute and gave the local account ‘BC’ Execute and Read Rights for the session.
```powershell
Name           : LockDown
PSVersion      : 5.1
RunAsUser      :
Permission     : NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, BUILTIN\RemoteManagement Users AccessAllowed, W10-BCLPT\BC AccessAllowed
VisibleCmdlets : Get-Date
```
As local administration, I test the session and it works.
```powershell
PS C:\Windows\system32> $s = New-PSSession -ComputerName localhost -ConfigurationName LockDown
PS C:\Windows\system32> Invoke-Command -Session $s -ScriptBlock {get-date}
```
Saturday, April 25, 2020 7:20:25 AM
When I try as the user ‘BC’, the command fails.
```powershell
PS C:\Users\BC> $s = New-PSSession -ComputerName localhost -ConfigurationName LockDown
New-PSSession : [localhost] Connecting to remote server localhost failed with the following error message : The WSMan
service could not launch a host process to process the given request. Make sure the WSMan provider host server and
proxy are properly registered. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:6
+ $s = New-PSSession -ComputerName localhost -ConfigurationName LockDow ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : -2146959355,PSSessionOpenFailed
```
I have changed the rights for BC from Read and Execute to ‘Full’ and get the same error. I have also recreated the local ‘BC’ account and still receive the same issue. I’ve checked about_Remote_Troubleshooting and set my Trusted Hosts Value to ‘*’ (for troubleshooting purposes) and I still can’t get a non-admin to invoke a command.
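For reference, an added example (not the poster's code and not from the linked article) of how a restricted endpoint like the one described can be defined, registered and checked. The file path, the SDDL string and the use of `$env:COMPUTERNAME` for the local account are assumptions, and the example does not claim to resolve the error above.

```powershell
#Requires -RunAsAdministrator
# Added example: names mirror the post (endpoint 'LockDown', local account 'BC').
$name    = 'LockDown'
$account = "$env:COMPUTERNAME\BC"                      # assumed: local non-admin account
$pssc    = Join-Path $env:ProgramData 'LockDown.pssc'  # assumed file location

# RestrictedRemoteServer + NoLanguage starts from a near-empty session;
# Get-Date is the only cmdlet added on top of the built-in proxy commands.
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -LanguageMode NoLanguage `
    -VisibleCmdlets 'Get-Date'

if (-not (Test-PSSessionConfigurationFile -Path $pssc)) {
    throw "Invalid session configuration file: $pssc"
}

# Resolve the account to a SID and build an explicit ACL:
# Administrators get full control (GA), the user gets Execute + Read (GXGR) only.
$sid  = [System.Security.Principal.NTAccount]::new($account).
            Translate([System.Security.Principal.SecurityIdentifier]).Value
$sddl = "O:NSG:BAD:P(A;;GA;;;BA)(A;;GXGR;;;$sid)"

# Registering restarts WinRM; -Force suppresses the confirmation prompts.
Register-PSSessionConfiguration -Name $name -Path $pssc `
    -SecurityDescriptorSddl $sddl -Force | Out-Null

# Same properties as the listing in the post.
Get-PSSessionConfiguration -Name $name |
    Format-List Name, PSVersion, RunAsUser, Permission, VisibleCmdlets

# Verify the restriction from a client session.
$s = New-PSSession -ComputerName localhost -ConfigurationName $name
try {
    # Lists everything the endpoint exposes; review this before granting access.
    Invoke-Command -Session $s -ScriptBlock { Get-Command } |
        Select-Object Name, CommandType

    # A cmdlet that is not in VisibleCmdlets must be rejected.
    Invoke-Command -Session $s -ScriptBlock { Get-Process } -ErrorAction Stop
    Write-Warning 'Get-Process ran: the endpoint is NOT restricted as intended.'
}
catch { "Blocked as expected: $($_.Exception.Message)" }
finally { Remove-PSSession $s }
```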
April 29, 2020 at 4:18 am #223536
Brian, see if this article helps you.