[wpkg-users] Trouble enabling PowerShell Remoting from WPKG
Keith Jones
K.E.Jones at brighton.ac.uk
Sat May 24 22:02:45 CEST 2014
Hi,
Well researched! Osama does appear to entirely correct. I've been trying to emulate SYSTEM running the commands using psexec and every time it gets access denied making the modifications. I've tried giving it interactive flags and forcing it to use the elevated token but it just fails. I guess powershell's settings don't actually have any ACL's allowing SYSTEM access. The security philosophy is probably right but I'd put it up there right alongside UAC on the annoyance scales :-(
As I'm currently using a "public" wifi connection, I've run into the effects of the Enable-PS-Remoting failing on that front too tonight. Apparently powershell 3.0+ have a version of Enable-PS-Remoting that is a bit more relaxed and doesn't complain. I'm just about to upgrade and try it :-)
Keith
-----Original Message-----
From: Paul Griffith [mailto:paulg at cse.yorku.ca]
Sent: 24 May 2014 01:25
To: Keith Jones
Cc: wpkg-users at lists.wpkg.org
Subject: Re: [wpkg-users] Trouble enabling PowerShell Remoting from WPKG
I found something, but I will have to look into on Monday. It looks like I may have to add "SYSTEM" to Administrator group and look into my network connection settings.
http://blogs.msdn.com/b/powershell/archive/2009/04/30/enable-psremoting.aspx
-----snip----
Problem was that my domain a/c was not an administrator on the box.
Even if I launch PowerShell elevated (and give local administrator
creds) it was not working. I tried logging in as local admin but Enable-PS Remoting still failed.
Solution: I had to add my domain a/c to administrators group and Enable-PsSession worked after that.
If you are not an administrator, Enable-PsSession will fail even if you launch elevated. This is true for some other remoting configuration cmdlets as well e.g.
Set-PSSessionConfiguration Microsoft.Powershell -ShowSecurityDescriptorUI
Another important thing to know is ? ?You must run PowerShell elevated if you?re connecting to the same box (localhost)?.
Osama Sajid
--snip----
and this:
http://powershell.com/cs/forums/t/8167.aspx
-----snip----
In the future use Enable-PSRemoting cmdlet to enable remoting. You will get "better" error message than "Access denied" if one of the network connection types on the machine is set to Public:
WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again
---snip------
I have to make sure that the network connection type is set correctly.
Quoting Keith Jones <K.E.Jones at brighton.ac.uk>:
> Okay.
>
> I can't see much wrong there either :-(
>
> It's now almost 1:00am here so I'd best run away but I'll work on
> this tomorrow morning.
>
> Keith
>
>
> -----Original Message-----
> From: wpkg-users-bounces at lists.wpkg.org
> [mailto:wpkg-users-bounces at lists.wpkg.org] On Behalf Of Keith Jones
> Sent: 23 May 2014 23:24
> To: Paul Griffith
> Cc: wpkg-users at lists.wpkg.org
> Subject: Re: [wpkg-users] Trouble enabling PowerShell Remoting from
> WPKG
>
> Cool.
>
> Everything you've done so far looks right to me too. I'm just going
> to have a quick look at the powershell code. Brb
>
> Keith
>
> -----Original Message-----
> From: Paul Griffith [mailto:paulg at cse.yorku.ca]
> Sent: 23 May 2014 22:59
> To: Keith Jones
> Cc: wpkg-users at lists.wpkg.org
> Subject: Re: [wpkg-users] Trouble enabling PowerShell Remoting from
> WPKG
>
> Hi Keith,
>
> WPKG runs under the SYSTEM account, from the WPKG service.
>
> Paul
>
> Quoting Keith Jones <K.E.Jones at brighton.ac.uk>:
>
>> Hi Paul.
>>
>> WPKG only has the privs that the account it runs from/under has.
>> How/when are you running it?
>>
>> Keith
>>
>> -----Original Message-----
>> From: wpkg-users-bounces at lists.wpkg.org
>> [mailto:wpkg-users-bounces at lists.wpkg.org] On Behalf Of Paul Griffith
>> Sent: 23 May 2014 19:54
>> To: wpkg-users at lists.wpkg.org
>> Subject: [wpkg-users] Trouble enabling PowerShell Remoting from WPKG
>>
>> Greetings,
>>
>> I have been running into a brick wall trying to turn on
>> PowerShell Remoting via WPKG, all attempts have failed. If I run the
>> wpkg package from a admin prompt, it works. When I try the same thing
>> from the WPKG it fails. Is there anything special I have to do to
>> enable PowerShell Remoting from the system account ?
>>
>>
>> In the Eventlog I see the error message "Connecting to the remote
>> server failed with the following message: Access is denied"
>>
>> Any pointers? Do need to do something with the System account ?
>>
>> Here is my package file, I adapted from Dafydd Jones.
>>
>>
>> ----snip----
>> <?xml version="1.0" encoding="UTF-8"?>
>>
>> <packages:packages
>> xmlns:packages="http://www.wpkg.org/packages"
>> xmlns:wpkg="http://www.wpkg.org/wpkg"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xsi:schemaLocation="http://www.wpkg.org/packages
>> ../../xsd/packages.xsd" >
>> <package id="ps-remoting"
>> name="Enable Powershell Remoting"
>> revision="%PKG_VERSION%rc1"
>> reboot="false"
>> priority="10">
>>
>> <variable name="PKG_VERSION" value="1" />
>> <variable name="PKG_NAME" value="ps-remoting" />
>> <variable name="PKG_SOURCE" value="%SOFTWARE%\"/>
>> <variable name="PKG_DESTINATION" value="%ProgramFiles%\"
>> architecture="x86"/>
>> <variable name="PKG_DESTINATION" value="%ProgramFiles(x86)%\"
>> architecture="x64"/>
>>
>> <check type="execute" path='powershell -NonInteractive
>> -Command "if (Invoke-Command localhost {1}) {exit 0} else {exit 1}"'
>> condition="exitcodeequalto" value="0"/>
>>
>> <install cmd='powershell -ExecutionPolicy Unrestricted
>> -NonInteractive -Command "Enable-PSRemoting -Force" '/>
>> <install cmd='powershell -ExecutionPolicy Unrestricted
>> -NonInteractive -Command "Set-Item
>> WSMan:\localhost\Client\TrustedHosts
>> -Value * -Force" '/>
>>
>>
>> <upgrade include="install" />
>>
>> <remove cmd='powershell -ExecutionPolicy Unrestricted
>> -NonInteractive -Command "Disable-PSRemoting -Force" '/>
>>
>> </package>
>> </packages:packages>
>> ----snip----
>>
>> Thank You
>> Paul
>
>
>
>
>
> ___________________________________________________________
> This email has been scanned by MessageLabs' Email Security System on
> behalf of the University of Brighton.
> For more information see http://www.brighton.ac.uk/is/spam/
> ___________________________________________________________
>
> ___________________________________________________________
> This email has been scanned by MessageLabs' Email Security System on
> behalf of the University of Brighton.
> For more information see http://www.brighton.ac.uk/is/spam/
> ___________________________________________________________
> ----------------------------------------------------------------------
> --- Vacation Rentals, Homes, Apartments & Rooms - sign up and get $25
> off your first booking! http://www.ptraveler.com/redir/airbnb
> ----------------------------------------------------------------------
> ---
> wpkg-users mailing list archives >>
> http://lists.wpkg.org/pipermail/wpkg-users/
> _______________________________________________
> wpkg-users mailing list
> wpkg-users at lists.wpkg.org
> http://lists.wpkg.org/mailman/listinfo/wpkg-users
>
> ___________________________________________________________
> This email has been scanned by MessageLabs' Email Security System on
> behalf of the University of Brighton.
> For more information see http://www.brighton.ac.uk/is/spam/
> ___________________________________________________________
>
> ___________________________________________________________
> This email has been scanned by MessageLabs' Email Security System on
> behalf of the University of Brighton.
> For more information see http://www.brighton.ac.uk/is/spam/
> ___________________________________________________________
--
Paul Griffith | Computer Systems Coordinator Electrical Engineering & Computer Science | Lassonde School of Engineering York University | 4700 Keele St., Toronto ON M3J 1P3 Canada
T:416-736-2100 x70258 | F:416-736-5872
--=--=--=--=--
We will NEVER send unsolicited requests for passwords or other personal information via email.
Messages requesting such information are fraudulent and should be deleted.
___________________________________________________________
This email has been scanned by MessageLabs' Email Security System on behalf of the University of Brighton.
For more information see http://www.brighton.ac.uk/is/spam/
___________________________________________________________
___________________________________________________________
This email has been scanned by MessageLabs' Email Security
System on behalf of the University of Brighton.
For more information see http://www.brighton.ac.uk/is/spam/
___________________________________________________________
More information about the wpkg-users
mailing list