CODEWITHSUNDEEP
powershellpowershell-remotinginvoke-command
user2850560
user2850560

Reputation: 111

Invoke-command localhost Access Denied

When Trying to invoke-Command against the Local Host I get access denied.

I have confirmed that PS remoting is enabled and the account is Administrator. Additionally Remoting in from remote machine works without issue. 

Invoke-Command -computername LocalHost -scriptblock {hostname}

I expect to have the hostname of the local machine returned, however I receive Access denied Errors.

Upvotes: 3

Views: 7737

Answers (2)

BenjaminSelby
BenjaminSelby

Reputation: 61

I was having this problem and it appears to be due to the fact that I had run Enable-PsRemoting in version 7 of PS, whereas when you run Invoke-Command without specifying a 'session configuration', it defaults to running a PS v5 session. When you run Enable-PsRemoting, it creates session configurations which are used when commands are run via Invoke-Command. So, if you haven't got a session configuration defined for PS v5, Invoke-Command will fail because it defaults to that version when creating the session.

You can get a list of session configurations using 'Get-PSSessionConfiguration'. If you have never run Enable-PsRemoting, there probably won't be any. When you run Enable-PsRemoting, it seems to create session configurations only for the version of PS that you are executing the command in.

For example:

C:\Windows\System32>Get-PSSessionConfiguration


Name          : PowerShell.7
PSVersion     : 7.4
StartupScript :
RunAsUser     :
Permission    : NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, BUILTIN\Remote
                Management Users AccessAllowed

Name          : PowerShell.7.4.6
PSVersion     : 7.4
StartupScript :
RunAsUser     :
Permission    : NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, BUILTIN\Remote
                Management Users AccessAllowed

I found there are a few solutions - one of which is to specify the session configuration in the Invoke-Command command:

Invoke-Command -ComputerName localhost -ScriptBlock {hostname} -ConfigurationName Powershell.7

Or, you can open PS v5 using the 'powershell' command, run Enable-PsRemoting, and then exit to your original v7 session. Invoke-Command should work then, even without the ConfigurationName parameter.

Based on information here: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_troubleshooting?view=powershell-7.5#how-to-recreate-the-default-session-configurations

Worked for me, hope it helps someone else.

Upvotes: 0

user2850560
user2850560

Reputation: 111

Enable PSRemoting Service to Start Automatic

on both host and remote machines

Set-Service winrm -StartupType Automatic 
Start-Service winrm

Enable PSREmoting

On both host and remote machines

EnablePSRemoting -Force

Add computers to Trusted Hosts

On Remote machine

Set-Item wsman:\localhost\Client\TrustedHosts -Value "$(hostname),*$((Get-WmiObject Win32_ComputerSystem).Domain)"

Enable Multi Hopping in Powershell Remoting

Identify which hosts to allow passing of Creds

Enable-WSManCredSSP –Role Client –DelegateComputer   "$(hostname),*$((Get-WmiObject Win32_ComputerSystem).Domain)"

On the source machine. 

Enable-WSManCredSSP –Role Server

You must specify Authentication and a Credential

on Host Machine

$Cred = [System.Management.Automation.PSCredential]::new("<username>",$("<Password>" | ConvertTo-SecureString -AsPlainText -Force))
invoke-command -ComputerName localhost -ScriptBlock {Write-Host $args[0]} -ArgumentList "Hello!, It Works" -Authentication Credssp -Credential $cred

REFERENCE

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_troubleshooting?view=powershell-6

Upvotes: 0

Related Questions