Powershell New-PSSession Access Denied - Administrator Account
I am trying to use the PSSession powershell cmdlets but I am struggling with an access denied error.
What I am trying to do is use an administrator account. I run the command New-PSSession
(or Enter-PSSession
) and unfortunately I get an access error.
I am following all instructions correctly because on another server I can run these commands without any problem.
Also, I would like to let you know what test-wsman
will return me a response. I am using the built-in admin account and have checked already Set-PSSessionConfiguration -Name Microsoft.PowerShell -ShowSecurityDescriptorUI
All privileges seem to be fine. I have no more ideas looking for help.
UPDATE
I found one interesting behavior:
Let's pretend that:
- Machine IP: 22.222.222.222
- I log in via remote desktop using administrator credentials.
I am using the following commands:
new-pssession // access denied
new-pssession localhost // access denied
new-pssession 127.0.0.1 // access denied
new-pssession 22.222.222.222 // Session created ! It working !
new-pssession 22.222.222.222 -Credential Get-Credential // access denied (using the same administrator credentials which I'm using for RDP)
I can add that on another server, when I run exactly the same commands, all commands are successful.
Any ideas?
source to share
PS session is used to access remote systems. To do this, you need to make several configurations:
1) Make sure the winrm service is running on all target systems as well as your local system.
2) You need to enable PS Remoting. Enable-PSRemoting configures the computer to accept remote PowerShell commands sent using WS-Man.
So, run Windows PowerShell as administrator
Enable-PSRemoting βForce
3) You need to add the remote computer to the list of trusted hosts for the local computer in WinRM. To do this, enter:
winrm s winrm/config/client '@{TrustedHosts="RemoteComputer"}'
4) Check the configuration using:
winrm quickconfig
Once done, you can use the New-Pssession command to create an interactive session with the target system.
Otherwise, you can use Invoke-Command to perform some remote operation like below:
In the comments section, I mentioned how it should work. Example:
$username = "Username"
$password = "Password"
$secstr = New-Object -TypeName System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr
# will list all the processess in the remote system
# if you are the entireprise admin or the domain admin then you do not have to pass the credentials. It will take the windows authentication by default.
Invoke-Command -ComputerName RemoteServer -ScriptBlock {Get-Process } -Credential $cred
Since you updated the question: let me tell you wise:
127.0.0.1 and localhost both point to the local system. This means that you must add them to the list of trusted hosts on the local system. It is not recommended to use PSSession for local system because you can run all ps cmdlets directly in PS console.
22.222.222.222 is a working reason why you added it to the list of trusted hosts and Windows authentication is used by default
22.222.222.222 -Credential Get-Credential ---- doesn't work because the format is slightly wrong. Use the following:
New-PSSession -ComputerName 22.222.222.222 -Credential (Get-Credential)
Hope this helps you.
source to share
Try this: https://www.powershellgallery.com/packages/Invoke-PSSession
It calls the session, then registers the PSSessionConfiguration with the credentials you provided. Basically providing credentials for this DoubleHop
source to share