none
Group Policy enable-psremoting RRS feed

  • Question

  • I have been working on this for the last 10 hours. I cannot seem to get it working. I followed all of the steps from 

    http://www.briantist.com/how-to/powershell-remoting-group-policy/

    Under the Security Filtering I have a PC name with a user just for testing.
    Here is my code: Enter-PSSession -ComputerName localhost
    Just trying to verify that it is working. I have no idea what to do know. I have tried everything. Anytime I do Enable-psremoting -force the code works fine.

    The error I am receiving is as follows.

    Enter-PSSession : Connecting to remote server localhost failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. At line:1 char:1

    Tuesday, April 15, 2014 4:27 PM

Answers

All replies

  • You have to run as an elevated administrator.

    ¯\_(ツ)_/¯

    Tuesday, April 15, 2014 4:33 PM
  • I have done this also.
    Tuesday, April 15, 2014 4:40 PM
  • I have done this also.

    You have enabled remoting and run PowerShell elevated and you still get denied?

    What other changes did you make.  By default local connections do not require anything more than enabling PS remoting. You must have changed something.


    ¯\_(ツ)_/¯

    Tuesday, April 15, 2014 4:43 PM
  • I went into Group Policy Management and added a GPO. Here is what I did:
    I made a start up script that does (Enable-PSremoting -force -skipnetworkprofilecheck)
    Then System Services Windows Remote Management (WS-Management) startup to automatic
    Then I set scripts to run
    Then under Firewall I set inbound rules Windows Remote Management - Compatibility mode (Http-in)
    -WindowsRemote Management (HTTP-IN

    UnderWindows Firewall: Define inbound port exceptions enabled and I added 5985:TCP:*:enabled:WSMan

    Also, Windows Components/Windows Remote Management (WinRM)/WinRM Service to allow automatic config listeners

    Tuesday, April 15, 2014 4:51 PM
  • I went into Group Policy Management and added a GPO. Here is what I did:
    I made a start up script that does (Enable-PSremoting -force -skipnetworkprofilecheck)
    Then System Services Windows Remote Management (WS-Management) startup to automatic
    Then I set scripts to run
    Then under Firewall I set inbound rules Windows Remote Management - Compatibility mode (Http-in)
    -WindowsRemote Management (HTTP-IN

    UnderWindows Firewall: Define inbound port exceptions enabled and I added 5985:TCP:*:enabled:WSMan

    Also, Windows Components/Windows Remote Management (WinRM)/WinRM Service to allow automatic config listeners

    It cannot be done with a startup script.  GP will enable it all by itself assuming that the system and GP are set up correctly.  The is a GP section for Remoting with PowerShell and it does it all. That is what we have been using since PowerShell V2.

    You still have to run elevated to connect to the local machine. Elevation has nothing to do with Group Policy.


    ¯\_(ツ)_/¯

    Tuesday, April 15, 2014 4:55 PM
  • So what should I setup?

    I followed everything here    http://www.briantist.com/how-to/powershell-remoting-group-policy/

    but no luck

    Tuesday, April 15, 2014 4:58 PM
  • Start here:


     Policies/Administrative Templates /Windows Components/Windows Remote Management (WinRM)/WinRM Service
        Allow Remote Server management through WinRM
        Set the Policy to Enabled.
        Set the IPv4 and IPv6 filters to *


    ¯\_(ツ)_/¯

    Tuesday, April 15, 2014 5:16 PM
  • Remember you are dealing with WS2008R2/Vista and later.  The method you were trying to sue was an old early PowerShell V2 method.

    V3 and later are a bit more automatic.


    ¯\_(ツ)_/¯

    Tuesday, April 15, 2014 5:25 PM
  • Here - this is a better and more up to date blog post on configuring PS remoting with Group Policy.

    Before attempting this be sure you understand how to configure and test PS remoting manually in a stand alone system.  Once you have understood how this works you will be better able to troubleshoot GP issues.

    http://blogs.technet.com/b/heyscriptingguy/archive/2012/07/24/an-introduction-to-powershell-remoting-part-two-configuring-powershell-remoting.aspx


    ¯\_(ツ)_/¯

    Tuesday, April 15, 2014 5:29 PM
  • I just deleted the last GP and made a new one. The only thing I did was:

    Policies/Administrative Templates /Windows Components/Windows Remote Management (WinRM)/WinRM Service
        Allow Remote Server management through WinRM
        Set the Policy to Enabled.
        Set the IPv4 and IPv6 filters to *


    I run PS as administrator and still receive the error access is denied.

    The only machines on the network are Win7/Win8    Serv2008R2/Serv2012

    Tuesday, April 15, 2014 5:39 PM
  • I just deleted the last GP and made a new one. The only thing I did was:

    Policies/Administrative Templates /Windows Components/Windows Remote Management (WinRM)/WinRM Service
        Allow Remote Server management through WinRM
        Set the Policy to Enabled.
        Set the IPv4 and IPv6 filters to *


    I run PS as administrator and still receive the error access is denied.

    The only machines on the network are Win7/Win8    Serv2008R2/Serv2012

    Follow the rest of th0e instructions in the link I just posted.  It is a more up to date discussion of how to do this.  Be sure to read the complete article.  Ask questions if you do not understand what he is asming you to do.


    ¯\_(ツ)_/¯

    Tuesday, April 15, 2014 7:05 PM
  • Still no luck.
    I ran

    Set-PSSessionConfiguration -Name microsoft.powershell -ShowSecurityDescriptorUI

    and on every machine I am always finding a group that is blocking this for some reason.

    One one machine "Network" is set to Deny across from Full Control
    On the other machine "Administrators" is set to Deny.

     How do I fix this. Can I do it from a DC? Why is this happening?

    Tuesday, April 15, 2014 8:39 PM
  • Still no luck.
    I ran

    Set-PSSessionConfiguration -Name microsoft.powershell -ShowSecurityDescriptorUI

    and on every machine I am always finding a group that is blocking this for some reason.

    One one machine "Network" is set to Deny across from Full Control
    On the other machine "Administrators" is set to Deny.

     How do I fix this. Can I do it from a DC? Why is this happening?

    What does this have to do with Group Policy?

    You are not following any of the instructions.  There is no way for use to help you fix this.  If GP is set up correctly and if GP actually works none of thisis an issue.

    This is not a scripting issue.  It is a break/fix error.  I recommend contacting a trained consultant or placing a support call with Microsoft.
    I have given you a link to explicit instructions and you are posting information that has nothing to do with the link I posted.  We cannot help you fix your system. 

    I will post once more. You need to follow the instructions in the article.  If they do not work then you have other issues.  You will need a technician to help you sort it out.


    ¯\_(ツ)_/¯

    Tuesday, April 15, 2014 9:27 PM
  • Here was the solution.

    http://www.laurierhodes.info/?q=node/57
    • Marked as answer by bohlingj Friday, April 18, 2014 3:41 PM
    Friday, April 18, 2014 3:41 PM
  • Here was the solution.

    http://www.laurierhodes.info/?q=node/57

    Glad you found that.  That only happens if you fail to set up the configuration locally correctly.  I have never had to do that.  I am surprised it is not included in the KB article.


    ¯\_(ツ)_/¯

    Friday, April 18, 2014 3:55 PM
  • You, sir, are a golden god.  May you be rewarded with unlimited supplies of bacon.

    Thanks.


    Jeff Ferris

    Wednesday, May 24, 2017 4:55 PM