仅对同时也是管理员的本地用户拒绝PowerShell访问,而对于既是本地管理员的域用户则拒绝
[英]PowerShell Access Denied only for Local user who is also Admin but not for domain user who is local admin
问题描述
We are trying to setup a machine for PSRemoting using the following command 
我们正在尝试使用以下命令为PSRemoting设置计算机
Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI
for some reason this only works when we open the powershell in the context of a domain user who is a local administrator. 由于某些原因,这仅在我们是本地管理员的域用户的上下文中打开Powershell时有效。
PS C:\Windows\system32> Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI
Confirm
Are you sure you want to perform this action?
Performing operation "Set-PSSessionConfiguration" on Target "Name:
Microsoft.PowerShell".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "Y"):A
Access is denied.
At line:15 char:26
+ if ((!$pluginName) -or <<<< !(test-path "$pluginDir"))
+ CategoryInfo : InvalidOperation: (:) [], InvalidOperationExcept
ion
+ FullyQualifiedErrorId : WsManError
Join-Path : Access is denied.
At line:22 char:35
+ $pluginFileNamePath = Join-Path <<<< "$pluginDir" 'FileName'
+ CategoryInfo : NotSpecified: (:) [Join-Path], InvalidOperationE
xception
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.Power
Shell.Commands.JoinPathCommand
Test-Path : Cannot bind argument to parameter 'Path' because it is an empty str
ing.
At line:23 char:19
+ if (!(test-path <<<< "$pluginFileNamePath"))
+ CategoryInfo : InvalidData: (:) [Test-Path], ParameterBindingVa
lidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAl
lowed,Microsoft.PowerShell.Commands.TestPathCommand
Get-Item : Cannot bind argument to parameter 'LiteralPath' because it is an emp
ty string.
At line:29 char:43
+ $pluginFileName = get-item -literalpath <<<< "$pluginFileNamePath"
+ CategoryInfo : InvalidData: (:) [Get-Item], ParameterBindingVal
idationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAl
lowed,Microsoft.PowerShell.Commands.GetItemCommand
Set-PSSessionConfiguration : Session Configuration "Microsoft.PowerShell" is no
t a PowerShell based shell.
At line:89 char:27
+ Set-PSSessionConfiguration <<<< $args[0] $args[1] $args[2] $args[3] $args[4]
$args[5] $args[6] $args[7] $args[8]
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorExcep
tion
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorExceptio
n,Set-PSSessionConfiguration
PS C:\Windows\system32>
it looks to me that there is something that is preventing access to the wsman:\\localhost\\plugin but can't understand how that can be fixed. 在我看来,有些东西阻止了对wsman:\\localhost\\plugin访问,但不知道该如何解决。 This only happens in our test bed, but in our development environment we have no such issues. 这仅在我们的测试平台上发生,但是在我们的开发环境中,我们没有此类问题。
Does any one have any clue as to what additional user access is for this command to work that an local administrator user may not have? 对于本地管理员用户可能没有的该命令起作用的其他用户访问权限,是否有人有任何线索?
1 个解决方案
解决方案1
0 2015-04-12 03:50:54
Here is an article that explains how to resolve this problem... basically to fix this you set LocalAccountTokenFilterPolicy to True in the registry. 这是一篇介绍了如何解决此问题的文章。基本上,要解决此问题,您可以在注册表中将LocalAccountTokenFilterPolicy设置为True。
http://www.shirmanov.com/2011/04/winrm-access-is-denied-on-local.html http://www.shirmanov.com/2011/04/winrm-access-is-denied-on-local.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.