Create a restricted alternate PowerShell session configuration.
March 23, 2017
Q. How can I create a restricted alternate PowerShell session configuration for remote usage?
A. By default, a server has a number of session configurations that can be connected to for remote execution, and the default configuration allows only members of the local Administrators and Remote Management Users groups to connect. You can register additional session configurations that allow other users to connect.
Register-PSSessionConfiguration -Name "DCMs"
Set-PSSessionConfiguration -Name "DCMs" -ShowSecurityDescriptorUI
Get-PSSessionConfiguration -Name "DCMs"
Note that the -ShowSecurityDescriptorUI switch opens the graphical interface, where you set the permissions that control who can access the configuration. It's also possible to do this via script:
# Load the existing security descriptor of the session configuration
$pssc = Get-PSSessionConfiguration -Name "DCMs"
$psscSd = New-Object System.Security.AccessControl.CommonSecurityDescriptor($false, $false, $pssc.SecurityDescriptorSddl)
# Group that should be allowed to connect, in DOMAIN\name form
$Principal = "savilltech\DCMs"
$account = New-Object System.Security.Principal.NTAccount($Principal)
$accessType = "Allow"
# 268435456 = 0x10000000 (GENERIC_ALL)
$accessMask = 268435456
$inheritanceFlags = "None"
$propagationFlags = "None"
# Add the allow ACE for the group's SID, then write the descriptor back
$psscSd.DiscretionaryAcl.AddAccess($accessType,$account.Translate([System.Security.Principal.SecurityIdentifier]),$accessMask,$inheritanceFlags,$propagationFlags)
Set-PSSessionConfiguration -Name "DCMs" -SecurityDescriptorSddl $psscSd.GetSddlForm("All") -Force
To use the configuration, specify it with the -ConfigurationName parameter, e.g.:
Enter-PSSession -ComputerName server1 -ConfigurationName DCMs
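To check what the permission script above actually granted, the access list can be decoded from a configuration's SDDL. The following is an added example, not code from the original article; the function name Get-PSSessionConfigurationAccess and the sample SDDL (including its domain group SID) are constructed for illustration.

```powershell
# Added example (not from the original article): list who may connect to a
# session configuration by decoding its SDDL, flagging non-default principals.
function Get-PSSessionConfigurationAccess {
    param(
        [Parameter(Mandatory)][string]$Sddl,
        [string]$Name = '(constructed sample)'
    )
    # Generic access bits that can appear in the descriptor's ACEs
    $rights = [ordered]@{
        'FullControl' = 0x10000000   # GENERIC_ALL, the mask 268435456 used in the article
        'Execute'     = 0x20000000   # GENERIC_EXECUTE
        'Write'       = 0x40000000   # GENERIC_WRITE
        'Read'        = 0x80000000   # GENERIC_READ
    }
    # Defaults named in the article: local Administrators, Remote Management Users
    $defaultSids = 'S-1-5-32-544', 'S-1-5-32-580'

    $sd = New-Object System.Security.AccessControl.CommonSecurityDescriptor($false, $false, $Sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = '(unresolved)' }   # deleted account or unreachable domain
        $granted = foreach ($r in $rights.GetEnumerator()) {
            if ($ace.AccessMask -band $r.Value) { $r.Key }
        }
        [pscustomobject]@{
            Configuration = $Name
            Principal     = $who
            Sid           = $sid.Value
            Type          = $ace.AceQualifier      # AccessAllowed / AccessDenied
            Rights        = $granted -join ','
            NonDefault    = $defaultSids -notcontains $sid.Value
        }
    }
}

# Constructed SDDL: two default ACEs plus one made-up domain group SID
$sample = 'O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)(A;;GA;;;S-1-5-21-1111111111-2222222222-3333333333-1105)'
Get-PSSessionConfigurationAccess -Sddl $sample | Format-Table -AutoSize

# On a live server, review every registered configuration (elevated prompt):
# Get-PSSessionConfiguration | ForEach-Object {
#     Get-PSSessionConfigurationAccess -Sddl $_.SecurityDescriptorSddl -Name $_.Name
# } | Where-Object NonDefault
```

Any row with NonDefault set to True and Rights of FullControl is an account outside the default groups that can open sessions against that configuration, which is worth reconciling against the groups you intended to allow.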