[wpkg-users] Trouble enabling PowerShell Remoting from WPKG

Paul Griffith paulg at cse.yorku.ca
Mon May 26 06:11:54 CEST 2014 

Hi Keith,


I will upgrade to PowerShell 4.0 and try again. I will post my results.

=====
   -SkipNetworkProfileCheck


Enables remoting on client versions of Windows when the computer is on  
a public network. This parameter enables a firewall rule for public  
networks that allows remote access only from computers in the same  
local subnet.

This parameter has no effect on server versions of Windows, which, by  
default, have a local subnet firewall rule for public networks. If the  
local subnet firewall rule is disabled on a server version of Windows,  
Enable-PSRemoting re-enables it, regardless of the value of this  
parameter.

To remove the local subnet restriction and enable remote access from  
all locations on public networks, use the Set-NetFirewallRule cmdlet  
in the NetSecurity module. For more information, see Notes and Examples.

This parameter is introduced in Windows PowerShell 3.0.
=====

http://technet.microsoft.com/en-us/library/hh849694(v=wps.620).aspx



Thank You,
Paul

Quoting Keith Jones <K.E.Jones at brighton.ac.uk>:

> Hi,
>
>   Well researched! Osama does appear to entirely correct. I've been  
> trying to emulate SYSTEM running the commands using psexec and every  
> time it gets access denied making the modifications. I've tried  
> giving it interactive flags and forcing it to use the elevated token  
> but it just fails. I guess powershell's settings don't actually have  
> any ACL's allowing SYSTEM access. The security philosophy is  
> probably right but I'd put it up there right alongside UAC on the  
> annoyance scales :-(
>
>   As I'm currently using a "public" wifi connection, I've run into  
> the effects of the Enable-PS-Remoting failing on that front too  
> tonight. Apparently powershell 3.0+ have a version of  
> Enable-PS-Remoting that is a bit more relaxed and doesn't complain.  
> I'm just about to upgrade and try it :-)
>
> Keith
>
> -----Original Message-----
> From: Paul Griffith [mailto:paulg at cse.yorku.ca]
> Sent: 24 May 2014 01:25
> To: Keith Jones
> Cc: wpkg-users at lists.wpkg.org
> Subject: Re: [wpkg-users] Trouble enabling PowerShell Remoting from WPKG
>
>
> I found something, but I will have to look into on Monday. It looks  
> like I may have to add "SYSTEM" to Administrator group and look into  
> my network connection settings.
>
>
> http://blogs.msdn.com/b/powershell/archive/2009/04/30/enable-psremoting.aspx
>
> -----snip----
> Problem was that my domain a/c was not an administrator on the box.
> Even if I launch PowerShell elevated (and give local administrator
> creds) it was not working. I tried logging in as local admin but  
> Enable-PS Remoting still failed.
>
> Solution: I had to add my domain a/c to administrators group and  
> Enable-PsSession worked after that.
>
>   If you are not an administrator, Enable-PsSession will fail even  
> if you launch elevated. This is true for some other remoting  
> configuration cmdlets as well e.g.
>
>   Set-PSSessionConfiguration Microsoft.Powershell -ShowSecurityDescriptorUI
>
> Another important thing to know is ? ?You must run PowerShell  
> elevated if you?re connecting to the same box (localhost)?.
>
> Osama Sajid
> --snip----
>
> and this:
>
> http://powershell.com/cs/forums/t/8167.aspx
>
> -----snip----
> In the future use Enable-PSRemoting cmdlet to enable remoting. You  
> will get "better" error message than "Access denied" if one of the  
> network connection types on the machine is set to Public:
>
>
> WinRM firewall exception will not work since one of the network  
> connection types on this machine is set to Public. Change the  
> network connection type to either Domain or Private and try again
> ---snip------
>
> I have to make sure that the network connection type is set correctly.
> Quoting Keith Jones <K.E.Jones at brighton.ac.uk>:
>
>
>
>> Okay.
>>
>>  I can't see much wrong there either :-(
>>
>>  It's now almost 1:00am here so I'd best run away but I'll work on
>> this tomorrow morning.
>>
>> Keith
>>
>>
>> -----Original Message-----
>> From: wpkg-users-bounces at lists.wpkg.org
>> [mailto:wpkg-users-bounces at lists.wpkg.org] On Behalf Of Keith Jones
>> Sent: 23 May 2014 23:24
>> To: Paul Griffith
>> Cc: wpkg-users at lists.wpkg.org
>> Subject: Re: [wpkg-users] Trouble enabling PowerShell Remoting from
>> WPKG
>>
>> Cool.
>>
>>  Everything you've done so far looks right to me too. I'm just going
>> to have a quick look at the powershell code. Brb
>>
>> Keith
>>
>> -----Original Message-----
>> From: Paul Griffith [mailto:paulg at cse.yorku.ca]
>> Sent: 23 May 2014 22:59
>> To: Keith Jones
>> Cc: wpkg-users at lists.wpkg.org
>> Subject: Re: [wpkg-users] Trouble enabling PowerShell Remoting from
>> WPKG
>>
>> Hi Keith,
>>
>>     WPKG runs under the SYSTEM account, from the WPKG service.
>>
>> Paul
>>
>> Quoting Keith Jones <K.E.Jones at brighton.ac.uk>:
>>
>>> Hi Paul.
>>>
>>>  WPKG only has the privs that the account it runs from/under has.
>>> How/when are you running it?
>>>
>>> Keith
>>>
>>> -----Original Message-----
>>> From: wpkg-users-bounces at lists.wpkg.org
>>> [mailto:wpkg-users-bounces at lists.wpkg.org] On Behalf Of Paul Griffith
>>> Sent: 23 May 2014 19:54
>>> To: wpkg-users at lists.wpkg.org
>>> Subject: [wpkg-users] Trouble enabling PowerShell Remoting from WPKG
>>>
>>> Greetings,
>>>
>>>     I have been running into a brick wall trying to turn on
>>> PowerShell Remoting via WPKG, all attempts have failed. If I run the
>>> wpkg package from a admin prompt, it works. When I try the same thing
>>> from the WPKG it fails. Is there anything special I have to do to
>>> enable PowerShell Remoting from the system account ?
>>>
>>>
>>> In the Eventlog I see the error message "Connecting to the remote
>>> server failed with the following message: Access is denied"
>>>
>>> Any pointers? Do need to do something with the System account ?
>>>
>>> Here is my package file, I adapted from Dafydd Jones.
>>>
>>>
>>> ----snip----
>>> <?xml version="1.0" encoding="UTF-8"?>
>>>
>>> <packages:packages
>>>          xmlns:packages="http://www.wpkg.org/packages"
>>> xmlns:wpkg="http://www.wpkg.org/wpkg"
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>          xsi:schemaLocation="http://www.wpkg.org/packages
>>> ../../xsd/packages.xsd" >
>>>      <package id="ps-remoting"
>>>              name="Enable Powershell Remoting"
>>>              revision="%PKG_VERSION%rc1"
>>>              reboot="false"
>>>              priority="10">
>>>
>>>          <variable name="PKG_VERSION"     value="1" />
>>>          <variable name="PKG_NAME"        value="ps-remoting" />
>>>          <variable name="PKG_SOURCE"      value="%SOFTWARE%\"/>
>>>          <variable name="PKG_DESTINATION" value="%ProgramFiles%\"
>>> architecture="x86"/>
>>>          <variable name="PKG_DESTINATION" value="%ProgramFiles(x86)%\"
>>> architecture="x64"/>
>>>
>>>          <check type="execute" path='powershell -NonInteractive
>>> -Command "if (Invoke-Command localhost {1}) {exit 0} else {exit 1}"'
>>> condition="exitcodeequalto" value="0"/>
>>>
>>>          <install cmd='powershell -ExecutionPolicy Unrestricted
>>> -NonInteractive -Command "Enable-PSRemoting -Force" '/>
>>>          <install cmd='powershell -ExecutionPolicy Unrestricted
>>> -NonInteractive -Command "Set-Item
>>> WSMan:\localhost\Client\TrustedHosts
>>> -Value * -Force" '/>
>>>
>>>
>>>          <upgrade include="install" />
>>>
>>>         <remove cmd='powershell -ExecutionPolicy Unrestricted
>>> -NonInteractive -Command "Disable-PSRemoting -Force" '/>
>>>
>>>      </package>
>>> </packages:packages>
>>> ----snip----
>>>
>>> Thank You
>>> Paul
>>
>>
>>
>>
>>
>> ___________________________________________________________
>> This email has been scanned by MessageLabs' Email Security System on
>> behalf of the University of Brighton.
>> For more information see http://www.brighton.ac.uk/is/spam/
>> ___________________________________________________________
>>
>> ___________________________________________________________
>> This email has been scanned by MessageLabs' Email Security System on
>> behalf of the University of Brighton.
>> For more information see http://www.brighton.ac.uk/is/spam/
>> ___________________________________________________________
>> ----------------------------------------------------------------------
>> --- Vacation Rentals, Homes, Apartments & Rooms - sign up and get $25
>> off your first booking! http://www.ptraveler.com/redir/airbnb
>> ----------------------------------------------------------------------
>> ---
>> wpkg-users mailing list archives >>
>> http://lists.wpkg.org/pipermail/wpkg-users/
>> _______________________________________________
>> wpkg-users mailing list
>> wpkg-users at lists.wpkg.org
>> http://lists.wpkg.org/mailman/listinfo/wpkg-users
>>
>> ___________________________________________________________
>> This email has been scanned by MessageLabs' Email Security System on
>> behalf of the University of Brighton.
>> For more information see http://www.brighton.ac.uk/is/spam/
>> ___________________________________________________________
>>
>> ___________________________________________________________
>> This email has been scanned by MessageLabs' Email Security System on
>> behalf of the University of Brighton.
>> For more information see http://www.brighton.ac.uk/is/spam/
>> ___________________________________________________________
>
> --
> Paul Griffith | Computer Systems Coordinator Electrical Engineering  
> & Computer Science | Lassonde School of Engineering York University  
> | 4700 Keele St., Toronto ON M3J 1P3 Canada
> T:416-736-2100 x70258 | F:416-736-5872
> --=--=--=--=--
> We will NEVER send unsolicited requests for passwords or other  
> personal information via email.
> Messages requesting such information are fraudulent and should be deleted.
>
>
>
>
> ___________________________________________________________
> This email has been scanned by MessageLabs' Email Security System on  
> behalf of the University of Brighton.
> For more information see http://www.brighton.ac.uk/is/spam/
> ___________________________________________________________
>
> ___________________________________________________________
> This email has been scanned by MessageLabs' Email Security
> System on behalf of the University of Brighton.
> For more information see http://www.brighton.ac.uk/is/spam/
> ___________________________________________________________

-- 
Paul Griffith | Computer Systems Coordinator
Electrical Engineering & Computer Science | Lassonde School of Engineering
York University | 4700 Keele St., Toronto ON M3J 1P3 Canada
T:416-736-2100 x70258 | F:416-736-5872
--=--=--=--=--
We will NEVER send unsolicited requests for passwords or other  
personal information via email.
Messages requesting such information are fraudulent and should be deleted.

More information about the wpkg-users mailing list