What -RunAsCredential limitations of Register-PSSessionConfiguration are?

Welcome Forums General PowerShell Q&A What -RunAsCredential limitations of Register-PSSessionConfiguration are?

This topic contains 4 replies, has 3 voices, and was last updated by

 
Participant
4 years, 9 months ago.

  • Author
    Posts
  • #18836
    GS

    Participant
    Topics: 108
    Replies: 186
    Points: 12
    Rank: Member

    Hello,

    I'm trying to have constrained endpoint which will run with credentials from different domain (no trust between domain where computer is and what endpoint shall be running under. Is it possible? Trying to register this endpoing ends up in error

    Error Message = The verification of the runAs user credentials failed with the error 1326.
    Fully Qualified Error ID = System.InvalidOperationException,Microsoft.PowerShell.Commands.SetItemCommand

    Context:
    Severity = Warning
    Host Name = ConsoleHost
    Host Version = 4.0
    Host ID = e0fc0707-f4e5-4563-acc3-8f89c6947a94
    Engine Version = 4.0
    Runspace ID = 4bffa899-03c7-4641-bf6f-68bcf0b3c6de
    Pipeline ID = 51
    Command Name = Set-Item
    Command Type = Cmdlet
    Script Name =
    Command Path =
    Sequence Number = 2050
    User = PROD\gs
    Shell ID = Microsoft.PowerShell

    User Data:

  • #18839

    Keymaster
    Topics: 13
    Replies: 4872
    Points: 1,813
    Helping HandTeam Member
    Rank: Community Hero

    The computer registering the endpoint, and the machine where the endpoint will be, need to be able to resolve the credential.

  • #18840
    GS

    Participant
    Topics: 108
    Replies: 186
    Points: 12
    Rank: Member

    They can resolve the credential, question is wether you can run endpoint under credentials in different domain. Say I can use those credentials to access file shares from this box but I can not use them to run endpoint as.

  • #18841

    Keymaster
    Topics: 13
    Replies: 4872
    Points: 1,813
    Helping HandTeam Member
    Rank: Community Hero

    Ah, I see.

    A file share isn't the ideal test of that; the endpoint RunAs credential needs certain rights, like the right to create process objects and tokens. That's different from being able to just access a file share. It's more like being able to log on interactively, although not exactly the same. You probably won't be able to use a RunAs credential from an un trusted domain.

    • #18859

      Participant
      Topics: 8
      Replies: 58
      Points: 0
      Rank: Member

      You will not be able to runas from untrusted domain for sure 🙂

The topic ‘What -RunAsCredential limitations of Register-PSSessionConfiguration are?’ is closed to new replies.