问题
I try to use powershell PSSession cmdlets, but I'm struggling with Access Denied Error.
What I try to do is using Administrator Account I run command New-PSSession (or Enter-PSSession) and unfortunately I receive Access Denied Error.
I follow all the instructions correctly I believe, cause on the other server I can run those commands with no troubles.
In addition I'd like to inform that test-wsman return me an response. I'm using Built-In Administrator Account and already checked Set-PSSessionConfiguration -Name Microsoft.PowerShell -ShowSecurityDescriptorUI
All the privileges seems to be ok. I have no more ideas, looking for help.
UPDATE
I found one interesting behaviour:
Let's assume that:
- IP Address of machine is 22.222.222.222
- I log via remote desktop using Administrator Credentials
I use following commands:
new-pssession // access denied
new-pssession localhost // access denied
new-pssession 127.0.0.1 // access denied
new-pssession 22.222.222.222 // Session created ! It's working !
new-pssession 22.222.222.222 -Credential Get-Credential // access denied (using the same administrator credentials which I'm using for RDP)
I can add that on the other server when I run exactly the same commands all commands are successful.
Any Ideas?
回答1:
PS session is used to access remote systems. For that you have to do few configurations:
1) Make sure the winrm service is running in all the destination systems as well as in your local system too.
2) You have to enable PS Remoting. Enable-PSRemoting configures a computer to receive PowerShell remote commands sent with WS-Man.
So,Start Windows PowerShell as an administrator
Enable-PSRemoting –Force
3) You need to add the remote computer to the list of trusted hosts for the local computer in WinRM. To do so, type:
winrm s winrm/config/client '@{TrustedHosts="RemoteComputer"}'
4) Check the configuration using:
winrm quickconfig
Once done, you can use the New-Pssession command to create an interactive session with the destination system.
Else, you can use Invoke-Command to perform some remote operation like below:
I have mentioned in the comment section how it has to work. Sample :
$username = "Username"
$password = "Password"
$secstr = New-Object -TypeName System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr
# will list all the processess in the remote system
# if you are the entireprise admin or the domain admin then you do not have to pass the credentials. It will take the windows authentication by default.
Invoke-Command -ComputerName RemoteServer -ScriptBlock {Get-Process } -Credential $cred
Since you have updated the question: Let me tell you point wise:
127.0.0.1 and localhost -- both are pointing to local system. Means you have to add them in the trusted hosts list of the local system. It is not advisable to use PSSession for the localsystem cause you can directly run all the ps cmdlets in the PS console.
22.222.222.222 -- working cause you have add that in the trusted host list and it is using the windows authentication by default
22.222.222.222 -Credential Get-Credential ---- not working because the format is a bit wrong. Use like this:
New-PSSession -ComputerName 22.222.222.222 -Credential (Get-Credential)
Hope it helps you.
回答2:
I was having this exact issue and found that the username I was passing in needed to be the FQDN. i.e. username@domain.com rather than just username. once I updated to that it worked.
回答3:
Try this out: https://www.powershellgallery.com/packages/Invoke-PSSession
It Invokes a Session, then Registers a PSSessionConfiguration with the Credentials that you provided. Basically providing the credentials for that DoubleHop
来源:https://stackoverflow.com/questions/43190429/powershell-new-pssession-access-denied-administrator-account