问题描述
我尝试使用 powershell PSSession cmdlet,但遇到拒绝访问错误.
I try to use powershell PSSession cmdlets, but I'm struggling with Access Denied Error.
我尝试做的是使用管理员帐户运行命令New-PSSession
(或Enter-PSSession
),但不幸的是我收到拒绝访问错误.
What I try to do is using Administrator Account I run command New-PSSession
(or Enter-PSSession
) and unfortunately I receive Access Denied Error.
我相信我正确地遵循了所有说明,因为在另一台服务器上我可以毫无问题地运行这些命令.
I follow all the instructions correctly I believe, cause on the other server I can run those commands with no troubles.
另外,我想通知 test-wsman
给我回复.我正在使用内置管理员帐户并已检查 Set-PSSessionConfiguration -Name Microsoft.PowerShell -ShowSecurityDescriptorUI
所有的特权似乎都可以.我没有更多想法,正在寻求帮助.
In addition I'd like to inform that test-wsman
return me an response. I'm using Built-In Administrator Account and already checked Set-PSSessionConfiguration -Name Microsoft.PowerShell -ShowSecurityDescriptorUI
All the privileges seems to be ok. I have no more ideas, looking for help.
更新
我发现了一个有趣的行为:
I found one interesting behaviour:
假设:
- 机器的IP地址是22.222.222.222
- 我使用管理员凭据通过远程桌面登录
我使用以下命令:
new-pssession // access denied
new-pssession localhost // access denied
new-pssession 127.0.0.1 // access denied
new-pssession 22.222.222.222 // Session created ! It's working !
new-pssession 22.222.222.222 -Credential Get-Credential // access denied (using the same administrator credentials which I'm using for RDP)
当我运行完全相同的命令时,我可以在另一台服务器上添加它,所有命令都成功了.
I can add that on the other server when I run exactly the same commands all commands are successful.
有什么想法吗?
推荐答案
PS 会话用于访问远程系统.为此,您必须进行一些配置:
PS session is used to access remote systems. For that you have to do few configurations:
1) 确保 winrm 服务在所有目标系统以及您的本地系统中运行.
1) Make sure the winrm service is running in all the destination systems as well as in your local system too.
2) 您必须启用 PS Remoting.Enable-PSRemoting 将计算机配置为接收使用 WS-Man 发送的 PowerShell 远程命令.
2) You have to enable PS Remoting. Enable-PSRemoting configures a computer to receive PowerShell remote commands sent with WS-Man.
所以,以管理员身份启动 Windows PowerShell
So,Start Windows PowerShell as an administrator
Enable-PSRemoting –Force
3) 您需要将远程计算机添加到 WinRM 中本地计算机的受信任主机列表中.为此,请键入:
3) You need to add the remote computer to the list of trusted hosts for the local computer in WinRM. To do so, type:
winrm s winrm/config/client '@{TrustedHosts="RemoteComputer"}'
4) 使用以下方法检查配置:
4) Check the configuration using:
winrm quickconfig
完成后,您可以使用 New-Pssession 命令创建与目标系统的交互式会话.
Once done, you can use the New-Pssession command to create an interactive session with the destination system.
否则,您可以使用 Invoke-Command 来执行一些远程操作,如下所示:
Else, you can use Invoke-Command to perform some remote operation like below:
我在评论部分提到了它是如何工作的.示例:
I have mentioned in the comment section how it has to work.Sample :
$username = "Username"
$password = "Password"
$secstr = New-Object -TypeName System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr
# will list all the processess in the remote system
# if you are the entireprise admin or the domain admin then you do not have to pass the credentials. It will take the windows authentication by default.
Invoke-Command -ComputerName RemoteServer -ScriptBlock {Get-Process } -Credential $cred
既然您已经更新了问题:让我告诉您明智的做法:
Since you have updated the question: Let me tell you point wise:
127.0.0.1 和 localhost -- 都指向本地系统.意味着您必须将它们添加到本地系统的受信任主机列表中.不建议将 PSSession 用于本地系统,因为您可以直接在 PS 控制台中运行所有 ps cmdlet.
127.0.0.1 and localhost -- both are pointing to local system. Means you have to add them in the trusted hosts list of the local system.It is not advisable to use PSSession for the localsystem cause you can directly run all the ps cmdlets in the PS console.
22.222.222.222 -- 工作原因是您已将其添加到受信任的主机列表中,并且默认使用 Windows 身份验证
22.222.222.222 -- working cause you have add that in the trusted host list and it is using the windows authentication by default
22.222.222.222 -Credential Get-Credential ---- 不工作,因为格式有点错误.像这样使用:
22.222.222.222 -Credential Get-Credential ---- not working because the format is a bit wrong. Use like this:
New-PSSession -ComputerName 22.222.222.222 -Credential (Get-Credential)
希望对你有帮助.
这篇关于Powershell New-PSSession 访问被拒绝 - 管理员帐户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!