Ole K

Reputation: 869

Remote Exchange Powershell using WSManConnectionInfo or Command Window (security)

While developing in C# using Powershell Runspace and WSManConnectionInfo I noticed some strange behaviour when testing the same connection (with identical domain user) from the powershell command window.

OK: Remote Powershell using Command Window (user without permission) (failed as expected)

# Connecting to a Remote powershell using non authorized domain user.

New-PSSession -ComputerName MY-EXCH-SERVER -Credential $null
New-PSSession : [MY-EXCH-SERVER] Connecting to remote server MY-EXCH-SERVER failed with the following error message :
Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1

From Console - Powershell command

NOT OK: Remote Powershell connection through WSManConnectionInfo from VS2015 with the same user as before (success, but it shouldn't because it's the same user)

// Requires: using System.Management.Automation;
//           using System.Management.Automation.Runspaces;
// When I do the below with the SAME user I am using in Powershell cmd window
WSManConnectionInfo connectionInfo = new WSManConnectionInfo(
    new Uri("http://MY-EXCH-SERVER/PowerShell/"),
    "http://schemas.microsoft.com/powershell/Microsoft.Exchange",
    PSCredential.Empty
);
connectionInfo.SkipCACheck = true; // can be ignored
connectionInfo.SkipCNCheck = true; // can also be ignored
connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Default;
this.currentRunspace = RunspaceFactory.CreateRunspace(connectionInfo);
this.currentRunspace.Open();
[...]
// The connection is established, but the user does not have access actually

From Visual Studio using WSManConnectionInfo

UPDATE: When I try to open the URL from a browser I get 401 - Unauthorized, as expected. But it is still possible through the C# code I have posted here.

UPDATE 2: I noticed that WSManConnectionInfo uses some Kerberos authentication (in this case) and gets successfully logged in.

Can anyone explain to me what the differences are between the command line and WSManConnectionInfo, and why I get successfully authenticated using one but not the other?

Thank you in advance

Upvotes: 0

Views: 3723

Answers (1)

Ole K

Reputation: 869

New-PSSession -ComputerName MY-EXCH-SERVER -Credential $null cannot be compared with WSManConnectionInfo in Visual Studio.

But New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://MY-EXCH-SERVER/PowerShell/ does.

I also noticed almost every user (within the domain) has access to the Exchange Powershell using the command I mentioned, but they have limited access (for example, they cannot run "Get-TransportAgent").

In other words, domain users have access to Exchange shell cmdlets depending on their Active Directory permissions, but all can usually connect to it.

Upvotes: 1
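To see what a successful connection actually grants, the following added example (not part of the original question or answer) opens the same Exchange endpoint as the signed-in domain user and reports which probed cmdlets the session exposes. It assumes the endpoint answers Get-Command for remote sessions; MY-EXCH-SERVER is the page's placeholder host, and every probed cmdlet other than Get-TransportAgent is a constructed sample.

```powershell
# Added example: audit what the Exchange remote endpoint exposes to the
# current domain user. Run it while signed in as the account under review.
$uri = 'http://MY-EXCH-SERVER/PowerShell/'   # placeholder host from this page

# Cmdlets to probe. Get-TransportAgent is the one named in the answer;
# the other two are constructed samples chosen for comparison.
$probe = 'Get-TransportAgent', 'Get-Mailbox', 'New-ManagementRoleAssignment'

$session = $null
try {
    # Same configuration and URI that the C# WSManConnectionInfo code targets.
    # No -Credential: the logged-on user's identity is used.
    $session = New-PSSession -ConfigurationName Microsoft.Exchange `
                             -ConnectionUri $uri -ErrorAction Stop
}
catch {
    # A refusal here means the account cannot reach the endpoint at all.
    Write-Warning ("Connection refused for {0}\{1}: {2}" -f `
        $env:USERDOMAIN, $env:USERNAME, $_.Exception.Message)
    return
}

try {
    # Ask the endpoint which commands this session may run
    # (assumption: Get-Command is allowed in the remote session).
    $exposed = @(Invoke-Command -Session $session -ScriptBlock { Get-Command } |
        Select-Object -ExpandProperty Name)

    "Connected as {0}\{1}; {2} commands exposed" -f `
        $env:USERDOMAIN, $env:USERNAME, $exposed.Count

    # One row per probed cmdlet: connecting is not the same as being allowed.
    foreach ($name in $probe) {
        [pscustomobject]@{
            Cmdlet  = $name
            Exposed = ($exposed -contains $name)
        }
    }
}
finally {
    # Always release the remote session, even if enumeration fails.
    Remove-PSSession -Session $session
}
```

Running it under several accounts and comparing the tables shows whether the exposed cmdlet set matches the access each account is meant to have.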
