PowerShell访问权限仅对属于管理员但不属于本地管理员的域用户的本地用户拒绝

时间:2015-03-17 08:12:35

标签: powershell powershell-v2.0 powershell-remoting

我们正尝试使用以下命令设置PSRemoting机器

Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI

出于某种原因,这只有在我们在本地管理员的域用户的上下文中打开powershell时才有效。

PS C:\Windows\system32> Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI 

Confirm
Are you sure you want to perform this action?
Performing operation "Set-PSSessionConfiguration" on Target "Name:
Microsoft.PowerShell".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is "Y"):A
Access is denied.
At line:15 char:26
+    if ((!$pluginName) -or <<<<  !(test-path "$pluginDir"))
    + CategoryInfo          : InvalidOperation: (:) [], InvalidOperationExcept
   ion
    + FullyQualifiedErrorId : WsManError

Join-Path : Access is denied.
At line:22 char:35
+    $pluginFileNamePath = Join-Path <<<<  "$pluginDir" 'FileName'
    + CategoryInfo          : NotSpecified: (:) [Join-Path], InvalidOperationE
   xception
    + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.Power
   Shell.Commands.JoinPathCommand

Test-Path : Cannot bind argument to parameter 'Path' because it is an empty str
ing.
At line:23 char:19
+    if (!(test-path <<<<  "$pluginFileNamePath"))
    + CategoryInfo          : InvalidData: (:) [Test-Path], ParameterBindingVa
   lidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAl
   lowed,Microsoft.PowerShell.Commands.TestPathCommand

Get-Item : Cannot bind argument to parameter 'LiteralPath' because it is an emp
ty string.
At line:29 char:43
+    $pluginFileName = get-item -literalpath <<<<  "$pluginFileNamePath"
    + CategoryInfo          : InvalidData: (:) [Get-Item], ParameterBindingVal
   idationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAl
   lowed,Microsoft.PowerShell.Commands.GetItemCommand

Set-PSSessionConfiguration : Session Configuration "Microsoft.PowerShell" is no
t a PowerShell based shell.
At line:89 char:27
+ Set-PSSessionConfiguration <<<<  $args[0] $args[1] $args[2] $args[3] $args[4]
$args[5] $args[6] $args[7] $args[8]
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorExcep
   tion
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorExceptio
   n,Set-PSSessionConfiguration

PS C:\Windows\system32>

我认为有些东西阻止了对wsman:\localhost\plugin的访问,但却无法理解如何解决这个问题。这只发生在我们的试验台上,但在我们的开发环境中,我们没有这样的问题。

是否有人知道本命令管理员用户可能无法使用此命令的其他用户访问权限?

1 个答案:

答案 0 :(得分:0)

这篇文章解释了如何解决这个问题...基本上解决了这个问题,你在注册表中将LocalAccountTokenFilterPolicy设置为True。

http://www.shirmanov.com/2011/04/winrm-access-is-denied-on-local.html

相关问题
最新问题