May be worth checking if “Local account” or “Local account and member of Administrators group” is set to deny access to the computer remotely:
-Aakash Shah
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce7n5uxSivF8i0NS2aJXD17Pq_gMQJcJKKoqLT7rH2QGbQ%40mail.gmail.com.
Could he have maybe changed the WinRM policy for workstation GPOs? Maybe the IPv4/IPv6 filters?
--
John Wright
IT Support Specialist
1800 Old Bluegrass Avenue, Louisville, KY 40215
Please submit IT requests to Hazelwoo...@bluegrass.org
24 Hour Helpline 1.800.928.8000
CONFIDENTIALITY NOTICE: This message contains confidential information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, you are notified that disclosing, distributing, or copying this e-mail is strictly prohibited.
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com>
On Behalf Of Kurt Buff
Sent: Monday, September 18, 2023 8:01 PM
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] This used to work, and now it doesn't
This message is from an external sender. |
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce7n5uxSivF8i0NS2aJXD17Pq_gMQJcJKKoqLT7rH2QGbQ%40mail.gmail.com.
[CAUTION] Do not click on links or open attachments unless you recognize the sender and know the content is safe. |
Sorry, I think my sleep- and coffee-deprived brain misunderstood. You’re not failing to establish the session but failing the commands afterward, is that right?
If so, what do you get for the output of this command during the session:
([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
--
John Wright
IT Support Specialist
1800 Old Bluegrass Avenue, Louisville, KY 40215
Please submit IT requests to Hazelwoo...@bluegrass.org
24 Hour Helpline 1.800.928.8000
CONFIDENTIALITY NOTICE: This message contains confidential information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, you are notified that disclosing, distributing, or copying this e-mail is strictly prohibited.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/DM6PR12MB43722CECE206E6E6E6CD873A91FAA%40DM6PR12MB4372.namprd12.prod.outlook.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/SJ0P221MB07372C946D1571BC7DA00509F2FAA%40SJ0P221MB0737.NAMP221.PROD.OUTLOOK.COM.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/DM6PR12MB43725E5345769D19FED8776291FAA%40DM6PR12MB4372.namprd12.prod.outlook.com.
Could be localaccountokenfilterpolicy: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/user-account-control-and-remote-restriction Though I’m not sure how that would’ve gotten changed by GPO.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce4CeTqP-DQXApHZt-cuRu%3DDo_P8JHBbPkSq9tELi-i%3DTA%40mail.gmail.com.
On Sep 19, 2023, at 10:30 AM, Kurt Buff <kurt...@gmail.com> wrote:
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce67ZT2TGddh%3DGuXmfQ%3Dx59%3DSKLX%2B7EiG78daOy%2Bzb1asA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/1531F591-DA31-4CB5-A254-60F78866987A%40gmail.com.
From the MS Learn article.
"Because of User Account Control (UAC), the remote account must be a domain account and a member of the remote computer’s Administrators group.”
What that means:
1. If the system is part of the AD Domain.
2. You use an AD Domain user account to remotely access the system.
3. And the AD Domain user account you use is a member of the target computer’s local Administrators group.
4. Then UAC allows access to the WinRM services and the target system resources.
This does work.
Peter
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/DM6PR12MB4372F22DCD59A9B5EF027C6E91FAA%40DM6PR12MB4372.namprd12.prod.outlook.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/E513B99B-C64B-430E-8043-B3D987241A9E%40hxcore.ol.
On Sep 19, 2023, at 12:27 PM, Kurt Buff <kurt...@gmail.com> wrote:
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce4abqGcSWe4P2NekbRuzNoM9vxOQ%2BSdyguC%3D3F_59RHbQ%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/57B57A51-029F-40D5-A307-C54797A79AF1%40gmail.com.
On Sep 19, 2023, at 3:07 PM, Kurt Buff <kurt...@gmail.com> wrote:
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce7bTLokV1HFZxT_oQxg3P_6JHqP%2BAsOFr59Dzv_kHRm%2BQ%40mail.gmail.com.
I’ve been on vaca, so you’ll forgive me for not having read the entire thread. Did you resolve this?
It looks like you’ve been put into a constrained-mode PS session.
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com>
On Behalf Of Kurt Buff
Sent: Monday, September 18, 2023 8:01 PM
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] This used to work, and now it doesn't
I used to be able to use LAPS credentials to start a WinRM session on a workstation from my machine, and run a bunch of local commands. Then, a bright young lad on the sysadmin team changed a bunch of workstation GPOS, and now I'm getting errors, like so:
--
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/692b7526743943cfad053f82c2343e6d%40smithcons.com.
Good thing it wasn’t a majorly nasty virus Kurt. Glad you’re on the mend.
Gordon
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com>
On Behalf Of Kurt Buff
Sent: Tuesday, October 3, 2023 12:09
To: ntsys...@googlegroups.com
Subject: Re: [ntsysadmin] This used to work, and now it doesn't
[EXTERNAL]
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce4irWBeqKC5aGDuM71yjH6X9EcK-RRu1QsKfFU2xBXfgg%40mail.gmail.com.