How can I create a restricted alternate PowerShell session configuration

Create a restricted alternate PowerShell session configuration.

John Savill

March 23, 2017

1 Min Read
How can I create a restricted alternate PowerShell session configuration

Q. How can I create a restricted alternate PowerShell session configuration for remote usage?

A. By default a server has a number of session configurations that can be connected to for remote execution and the default allows only local administrators and remote management user group members. It is possible to add additional session configurations that could have alternate users allowed to connect.

Register-PSSessionConfiguration -Name "DCMs"Set-PSSessionConfiguration -Name "DCMs" -ShowSecurityDescriptorUIGet-PSSessionConfiguration -Name "DCMs"

Note you will be shown the graphical interface to set the permissions on who can access. It's also possible to do this via script:

$pssc = Get-PSSessionConfiguration -Name "DCMs"$psscSd = New-Object System.Security.AccessControl.CommonSecurityDescriptor($false, $false, $pssc.SecurityDescriptorSddl)$Principal = "savilltechDCMs"$account = New-Object System.Security.Principal.NTAccount($Principal)$accessType = "Allow"$accessMask = 268435456$inheritanceFlags = "None"$propagationFlags = "None"$psscSd.DiscretionaryAcl.AddAccess($accessType,$account.Translate([System.Security.Principal.SecurityIdentifier]),$accessMask,$inheritanceFlags,$propagationFlags)Set-PSSessionConfiguration -Name "DCMs" -SecurityDescriptorSddl $psscSd.GetSddlForm("All") -Force

To use the configuration specify it as a parameter, e.g.

Enter-PSSession -ComputerName server1 -ConfigurationName DCMs

 

About the Author

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like