winrm - Powershell 4.0 Remoting with Non Admin Domain Account -


i'm looking configure powershell remoting non-admins on group of servers. right have working configuration allows admin domain accounts connect servers no error. authentication method using credssp, using ssl , works domain admin account.

on other hand have user domain account usertest. account mapped domain group maps locally (on each server) remote desktop user groups. allows user rdp server has no administrator privileges. going stay way , not option make local administrator.

the purpose of user allow non-admin accounts execute set of scripts against server using restricted session, connecting domain admin account. problem comes when i'm trying connect usertest account. server responds access denied error:

[servera] connecting remote server servera failed following error message : access denied. more information, see about_remote_troubleshooting topic. + categoryinfo : openerror: (servera:string) [], psremotingtransportexception + fullyqualifiederrorid : accessdenied,pssessionstatebroken

going trough analytic eventlogs found error message follows:

the wsman service not launch host process process given request. make sure wsman provider host server , proxy registered.

this configuration have setup:

  • created pssessionconfiguration named remotedesktopusers

  • register-pssessionconfiguration -name remotedesktopusers -startupscript c:\start.ps1

  • set-pssessionconfiguration -name remotedesktopusers -showsecuritydescriptorui (added remote desktop users group sessionconfiguration)

so yeah, have googled, should necessary configuration need able psremote non-admin accounts. mentioned using domain admin account connecting sessionconfiguration works fine, thinking i'm missing kind of permission/privilege/sddl allows user access:

windows server 2008 r2 sp1
powershell 4.0
winrm productversion = os: 6.1.7601 sp: 1.0 stack: 3.0

you're running problem because of using credssp

any particular reason have use credssp? popular use of credssp provided situations in need configure jump server remote 1 machine, another, , there out again server. it's well-known second-hop funtionality , such huge security hole credssp kind of pain configure, intentionally.

you have configure credssp in 3 places, once on machine you'll remoting, again on machine you'll jumping to, , on each machine you'll connecting jump server.

if have use credssp, follow great guide here on scripting guy's blog.

if don't need credssp

try whole process using default/wsman authorization, , bet problems go away.


Comments

Post a Comment

Popular posts from this blog

java - Spring Data JPA: Why findOne(id) executing delete query internally? -

i have 1 application using @manytomany annotation link 2 different entities 1 parent entity. not sure if have implemented properly. when execute .findone() on parent entity's repository find it, @ first fetch data along executing delete queries internally delete record mapping table (a table jpa creates after adding @manytomany annotation.). following generated sql queries , code snippet: java class @entity @table(name = "inventory") public class inventory { @id long id; // many other properties @manytomany(fetch=fetchtype.lazy) private list<stream> streams; @manytomany(fetch=fetchtype.lazy) private list<subject> subjects; } there no other annotation i've put in stream , subject entity class link inventory class. when run app, create following tables: inventory stream subject inventory_stream inventory_subject (inventory_stream , inventory_subject, 2 tables created automatically, don't k...
Read more

python - Mongodb How to add addtional information when aggregating? -

i beginner , wrote line pipeline works, wanna add other information output, screen name , or number of tweets.i tried add under $group gave me syntax error everytime here pipeline: def make_pipeline(): # complete aggregation pipeline pipeline = [ { '$match': { "user.statuses_count": {"$gt":99 }, "user.time_zone": "brasilia" } }, { "$group": { "_id": "$user.id", "followers": { "$max": "$user.followers_count" } } }, { "$sort": { "followers": -1 } }, { "$limit" : 1 } ]; i using on example : { "_id" : objectid("5304e2e3cc9e684aa98bef97"), "text" : "first week of school on :p", "in_reply_to_status_id" : null, "retweet_count" : null, ...
Read more

java - Incorrect order of records in M-M relationship in hibernate -

Image
i have 4 records in bridge table in mysql database. using @manytomany in hibernate, accurate order of employees incorrect incorrect of projects. following required material figure out doing mistake. this source. @entity @table(name="project") public class projectbean { @id @generatedvalue @column(name="project_id") private int projectid; @column(name="title") private string projecttitle; @manytomany(mappedby="projects") private collection<employeebean> employees; public projectbean() { employees = new arraylist<employeebean>(); } //getters & setters } @entity @table(name="employee") public class employeebean { @id @generatedvalue @column(name="employee_id") private int employee_id; @column(name="first_name") private string ...
Read more