Stuck on elevation prompt for getting powershell settings remotely

This topic contains 5 replies, has 2 voices, and was last updated by sean ackerman 2 years, 3 months ago.

  • #18492
    sean ackerman
    Participant

    I am trying to verify across 20 servers the powershell configuration.

    So locally UAC prompt powershell as admin the below works.

     get-item wsman:\localhost\shell | get-childitem

    Remoting-wise, I thought this would have worked.

     Start-Process powershell.exe -ArgumentList "icm -computername server1,server2,server3 -scriptblock {get-item wsman:\localhost\shell | get-childitem}" -verb runas
    

    Not sure how to capture the output or at least hold up the pop-up window that occurs.

  • #18493
    Don Jones
    Keymaster

    Well... I think the general theory is to try and not run into UAC. I would normally run Invoke-Command from my non-elevated prompt, and provide it with a -Credential parameter, which it would use to make the remote connection. That should remove any UAC pop-up windows, since you're not launching a new instance of PowerShell. That'll also put the output right into your PowerShell console, where you can work with it however you like.

  • #18494
    sean ackerman
    Participant

    Thanks Don. That's where I am at a loss, since

    icm -computername server1,server2,server3 -scriptblock {get-item wsman:\localhost\} -Cred usernameinfohere 

    works, but as soon as I add shell to the end of wsman:\localhost\ I run into what looks like a permissions issue, since for example (pre)icm -computername server1,server2,server3 -scriptblock {get-eventlog security -Newest 10} works. I'll keep digging and let you know if I find something fruitful.

  • #18495
    Don Jones
    Keymaster

    It's square brackets on the code formatting 😉

    Couple of things. One, keep in mind that you can map other computers' WS-MAN to your own WSMAN: drive. It uses Remoting under the hood, so try doing that with 1-2 computers. If you're not able to navigate the hierarchy that way, then yes, there's a problem of some kind. But that'll help eliminate certain possibilities.

    Second, double-check and make sure Remoting is enabled on those computers. I'm guessing it is, since just going to /localhost/ works.

    Third, keep in mind all those settings can also be configured in a GPO, which may be more convenient for you.

  • #18502
    sean ackerman
    Participant

    Resorted to using a foreach in combination with Connect-WSMan, then reused code.

    # Output file for the collected settings
    $file = "wsmansettings.txt"

    $servers = "server1","server2","server3","server4","server5"

    foreach ($server in $servers) {
        # Map the remote computer into the local WSMan: drive
        Connect-WSMan $server
        Get-Item wsman:\$server\shell | Get-ChildItem | Out-File $file -Append
        Disconnect-WSMan $server
    }

    # Open the results file
    Invoke-Item $file
    $servers = ""
    

    My bad on the pre tags...
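
A variant of the Connect-WSMan loop above, added here as an example and not part of the original post: it passes an explicit credential (as suggested earlier in the thread), tags every setting with the server it came from, records connection failures, and lists the settings that differ between servers. It assumes PowerShell 3.0 or later; the server names are the thread's placeholders and the output file name is hypothetical.

```powershell
# Added example: audit WSMan shell settings across servers and flag drift.
$servers = 'server1','server2','server3'   # placeholders from the thread
$cred    = Get-Credential                  # assumption: account with admin rights on the targets
$outFile = 'wsmansettings.csv'             # hypothetical output path

$results = foreach ($server in $servers) {
    try {
        # Connect-WSMan maps the remote computer into the local WSMan: drive
        Connect-WSMan -ComputerName $server -Credential $cred -ErrorAction Stop
        Get-ChildItem -Path "WSMan:\$server\Shell" -ErrorAction Stop |
            ForEach-Object {
                [pscustomobject]@{
                    Server  = $server
                    Setting = $_.Name
                    Value   = [string]$_.Value
                }
            }
    }
    catch {
        # Record the failure instead of silently skipping the server
        [pscustomobject]@{
            Server  = $server
            Setting = 'ERROR'
            Value   = $_.Exception.Message
        }
    }
    finally {
        # Only disconnect if the connection was actually established
        if (Test-Path -Path "WSMan:\$server") {
            Disconnect-WSMan -ComputerName $server
        }
    }
}

# One row per server and setting, easy to diff or filter later
$results | Export-Csv -Path $outFile -NoTypeInformation

# Settings whose value is not identical on every server that answered
$drift = $results |
    Where-Object { $_.Setting -ne 'ERROR' } |
    Group-Object -Property Setting |
    Where-Object { ($_.Group.Value | Sort-Object -Unique).Count -gt 1 } |
    ForEach-Object { $_.Group }

$drift | Sort-Object Setting, Server | Format-Table Server, Setting, Value -AutoSize
```

Rows with Setting equal to ERROR show which servers could not be reached or refused the credential, so they can be checked separately.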

  • #18504
    sean ackerman
    Participant

    Thanks for the advice and assistance.
