[wpkg-users] Trouble enabling PowerShell Remoting from WPKG
Paul Griffith
paulg at cse.yorku.ca
Tue May 27 14:33:36 CEST 2014
Hi Keith,
Issue finally resolved, updating to Windows Management Framework 4.0
solved my problem, according to the documentation I have seen, Windows
Management Framework 3.0 should also solve the problem. It was the
"-SkipNetworkProfileCheck" that really solved the problem, this option
was added in WMF 3.0
Thank you for all your help!
To the list, sorry for all the top posting.
---- enable PS-Remoting -----
<?xml version="1.0" encoding="UTF-8"?>
<packages:packages
xmlns:packages="http://www.wpkg.org/packages"
xmlns:wpkg="http://www.wpkg.org/wpkg"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.wpkg.org/packages
../../xsd/packages.xsd" >
<package id="ps-remoting"
name="Enable Powershell Remoting"
revision="%PKG_VERSION%rc1"
reboot="false"
priority="10">
<variable name="PKG_VERSION" value="1" />
<variable name="PKG_NAME" value="ps-remoting" />
<variable name="PKG_SOURCE" value="%SOFTWARE%\"/>
<variable name="PKG_DESTINATION" value="%ProgramFiles%\"
architecture="x86"/>
<variable name="PKG_DESTINATION" value="%ProgramFiles(x86)%\"
architecture="x64"/>
<include package-id="ps-remoting-firewall"/>
<check type="execute" path='powershell -NonInteractive -Command
"if (Invoke-Command localhost {1}) {exit 0} else {exit 1}"'
condition="exitcodeequalto" value="0"/>
<install cmd='"%comspec%" /c powershell -ExecutionPolicy
Unrestricted -NonInteractive -Command "Enable-PSRemoting
-SkipNetworkProfileCheck -Force"'/>
<install cmd='"%comspec%" /c powershell -ExecutionPolicy
Unrestricted -NonInteractive -Command "Set-Item
WSMan:\localhost\Client\TrustedHosts -Value * -Force"'/>
<upgrade include="install" />
<remove cmd='%comspec% /c "powershell -NonInteractive -Command
Disable-PSRemoting -Force"'/>
</package>
</packages:packages>
------ install Windows Management Framework 4.0 -----
<?xml version="1.0" encoding="UTF-8"?>
<packages:packages
xmlns:packages="http://www.wpkg.org/packages"
xmlns:wpkg="http://www.wpkg.org/wpkg"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.wpkg.org/packages
../../xsd/packages.xsd" >
<package id="wmf4"
name="Windows Management Framework 4.0"
revision="%PKG_VERSION%rc1"
priority="20000">
<variable name="PKG_VERSION" value="6.3.9600" />
<variable name="PKG_NAME" value="wmf4" />
<variable name="PKG_SOURCE"
value="%SOFTWARE%\wmf\Windows6.1-KB2819745-x64-MultiPkg.msu"/>
<variable name="PKG_DESTINATION" value="%ProgramFiles%\"
architecture="x86"/>
<variable name="PKG_DESTINATION" value="%ProgramFiles(x86)%\"
architecture="x64"/>
<variable name="PKG_INSTALL_SWITCH" value="/quiet /norestart"/>
<variable name="PKG_REMOVE_SWITCH" value=""/>
<check type="file" condition="versiongreaterorequal"
path="%WinDir%\system32\WindowsPowerShell\v1.0\powershell.exe"
value="%PKG_VERSION%" />
<install cmd='wusa "%PKG_SOURCE%" %PKG_INSTALL_SWITCH%' >
<exit code="0" />
<exit code="3010" reboot="delayed" />
</install>
<upgrade include="install" />
</package>
</packages:packages>
On 14-05-26 12:11 AM, Paul Griffith wrote:
>
> Hi Keith,
>
>
> I will upgrade to PowerShell 4.0 and try again. I will post my results.
>
> =====
> -SkipNetworkProfileCheck
>
>
> Enables remoting on client versions of Windows when the computer is on
> a public network. This parameter enables a firewall rule for public
> networks that allows remote access only from computers in the same
> local subnet.
>
> This parameter has no effect on server versions of Windows, which, by
> default, have a local subnet firewall rule for public networks. If the
> local subnet firewall rule is disabled on a server version of Windows,
> Enable-PSRemoting re-enables it, regardless of the value of this
> parameter.
>
> To remove the local subnet restriction and enable remote access from
> all locations on public networks, use the Set-NetFirewallRule cmdlet
> in the NetSecurity module. For more information, see Notes and Examples.
>
> This parameter is introduced in Windows PowerShell 3.0.
> =====
>
> http://technet.microsoft.com/en-us/library/hh849694(v=wps.620).aspx
>
>
>
> Thank You,
> Paul
>
> Quoting Keith Jones <K.E.Jones at brighton.ac.uk>:
>
>> Hi,
>>
>> Well researched! Osama does appear to entirely correct. I've been
>> trying to emulate SYSTEM running the commands using psexec and every
>> time it gets access denied making the modifications. I've tried
>> giving it interactive flags and forcing it to use the elevated token
>> but it just fails. I guess powershell's settings don't actually have
>> any ACL's allowing SYSTEM access. The security philosophy is probably
>> right but I'd put it up there right alongside UAC on the annoyance
>> scales :-(
>>
>> As I'm currently using a "public" wifi connection, I've run into
>> the effects of the Enable-PS-Remoting failing on that front too
>> tonight. Apparently powershell 3.0+ have a version of
>> Enable-PS-Remoting that is a bit more relaxed and doesn't complain.
>> I'm just about to upgrade and try it :-)
>>
>> Keith
>>
>> -----Original Message-----
>> From: Paul Griffith [mailto:paulg at cse.yorku.ca]
>> Sent: 24 May 2014 01:25
>> To: Keith Jones
>> Cc: wpkg-users at lists.wpkg.org
>> Subject: Re: [wpkg-users] Trouble enabling PowerShell Remoting from WPKG
>>
>>
>> I found something, but I will have to look into on Monday. It looks
>> like I may have to add "SYSTEM" to Administrator group and look into
>> my network connection settings.
>>
>>
>> http://blogs.msdn.com/b/powershell/archive/2009/04/30/enable-psremoting.aspx
>>
>>
>> -----snip----
>> Problem was that my domain a/c was not an administrator on the box.
>> Even if I launch PowerShell elevated (and give local administrator
>> creds) it was not working. I tried logging in as local admin but
>> Enable-PS Remoting still failed.
>>
>> Solution: I had to add my domain a/c to administrators group and
>> Enable-PsSession worked after that.
>>
>> If you are not an administrator, Enable-PsSession will fail even if
>> you launch elevated. This is true for some other remoting
>> configuration cmdlets as well e.g.
>>
>> Set-PSSessionConfiguration Microsoft.Powershell
>> -ShowSecurityDescriptorUI
>>
>> Another important thing to know is ? ?You must run PowerShell
>> elevated if you?re connecting to the same box (localhost)?.
>>
>> Osama Sajid
>> --snip----
>>
>> and this:
>>
>> http://powershell.com/cs/forums/t/8167.aspx
>>
>> -----snip----
>> In the future use Enable-PSRemoting cmdlet to enable remoting. You
>> will get "better" error message than "Access denied" if one of the
>> network connection types on the machine is set to Public:
>>
>>
>> WinRM firewall exception will not work since one of the network
>> connection types on this machine is set to Public. Change the network
>> connection type to either Domain or Private and try again
>> ---snip------
>>
>> I have to make sure that the network connection type is set correctly.
>> Quoting Keith Jones <K.E.Jones at brighton.ac.uk>:
>>
>>
>>
>>> Okay.
>>>
>>> I can't see much wrong there either :-(
>>>
>>> It's now almost 1:00am here so I'd best run away but I'll work on
>>> this tomorrow morning.
>>>
>>> Keith
>>>
>>>
>>> -----Original Message-----
>>> From: wpkg-users-bounces at lists.wpkg.org
>>> [mailto:wpkg-users-bounces at lists.wpkg.org] On Behalf Of Keith Jones
>>> Sent: 23 May 2014 23:24
>>> To: Paul Griffith
>>> Cc: wpkg-users at lists.wpkg.org
>>> Subject: Re: [wpkg-users] Trouble enabling PowerShell Remoting from
>>> WPKG
>>>
>>> Cool.
>>>
>>> Everything you've done so far looks right to me too. I'm just going
>>> to have a quick look at the powershell code. Brb
>>>
>>> Keith
>>>
>>> -----Original Message-----
>>> From: Paul Griffith [mailto:paulg at cse.yorku.ca]
>>> Sent: 23 May 2014 22:59
>>> To: Keith Jones
>>> Cc: wpkg-users at lists.wpkg.org
>>> Subject: Re: [wpkg-users] Trouble enabling PowerShell Remoting from
>>> WPKG
>>>
>>> Hi Keith,
>>>
>>> WPKG runs under the SYSTEM account, from the WPKG service.
>>>
>>> Paul
>>>
>>> Quoting Keith Jones <K.E.Jones at brighton.ac.uk>:
>>>
>>>> Hi Paul.
>>>>
>>>> WPKG only has the privs that the account it runs from/under has.
>>>> How/when are you running it?
>>>>
>>>> Keith
>>>>
>>>> -----Original Message-----
>>>> From: wpkg-users-bounces at lists.wpkg.org
>>>> [mailto:wpkg-users-bounces at lists.wpkg.org] On Behalf Of Paul Griffith
>>>> Sent: 23 May 2014 19:54
>>>> To: wpkg-users at lists.wpkg.org
>>>> Subject: [wpkg-users] Trouble enabling PowerShell Remoting from WPKG
>>>>
>>>> Greetings,
>>>>
>>>> I have been running into a brick wall trying to turn on
>>>> PowerShell Remoting via WPKG, all attempts have failed. If I run the
>>>> wpkg package from a admin prompt, it works. When I try the same thing
>>>> from the WPKG it fails. Is there anything special I have to do to
>>>> enable PowerShell Remoting from the system account ?
>>>>
>>>>
>>>> In the Eventlog I see the error message "Connecting to the remote
>>>> server failed with the following message: Access is denied"
>>>>
>>>> Any pointers? Do need to do something with the System account ?
>>>>
>>>> Here is my package file, I adapted from Dafydd Jones.
>>>>
>>>>
>>>> ----snip----
>>>> <?xml version="1.0" encoding="UTF-8"?>
>>>>
>>>> <packages:packages
>>>> xmlns:packages="http://www.wpkg.org/packages"
>>>> xmlns:wpkg="http://www.wpkg.org/wpkg"
>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> xsi:schemaLocation="http://www.wpkg.org/packages
>>>> ../../xsd/packages.xsd" >
>>>> <package id="ps-remoting"
>>>> name="Enable Powershell Remoting"
>>>> revision="%PKG_VERSION%rc1"
>>>> reboot="false"
>>>> priority="10">
>>>>
>>>> <variable name="PKG_VERSION" value="1" />
>>>> <variable name="PKG_NAME" value="ps-remoting" />
>>>> <variable name="PKG_SOURCE" value="%SOFTWARE%\"/>
>>>> <variable name="PKG_DESTINATION" value="%ProgramFiles%\"
>>>> architecture="x86"/>
>>>> <variable name="PKG_DESTINATION" value="%ProgramFiles(x86)%\"
>>>> architecture="x64"/>
>>>>
>>>> <check type="execute" path='powershell -NonInteractive
>>>> -Command "if (Invoke-Command localhost {1}) {exit 0} else {exit 1}"'
>>>> condition="exitcodeequalto" value="0"/>
>>>>
>>>> <install cmd='powershell -ExecutionPolicy Unrestricted
>>>> -NonInteractive -Command "Enable-PSRemoting -Force" '/>
>>>> <install cmd='powershell -ExecutionPolicy Unrestricted
>>>> -NonInteractive -Command "Set-Item
>>>> WSMan:\localhost\Client\TrustedHosts
>>>> -Value * -Force" '/>
>>>>
>>>>
>>>> <upgrade include="install" />
>>>>
>>>> <remove cmd='powershell -ExecutionPolicy Unrestricted
>>>> -NonInteractive -Command "Disable-PSRemoting -Force" '/>
>>>>
>>>> </package>
>>>> </packages:packages>
>>>> ----snip----
>>>>
>>>> Thank You
>>>> Paul
More information about the wpkg-users
mailing list