on non-domain server server have local administrator account user.
on domain client machine running domain user.
using following code attempt view services on server
$cred = get-credential "server\user" invoke-command -computername server -scriptblock {get-service} -credential $cred however, receive following error
cannot open service control manager on computer '.'. operation might require other privileges. + categoryinfo : notspecified: (:) [get-service], invalidoperationexception + fullyqualifiederrorid : system.invalidoperationexception,microsoft.powershell.commands.getservicecommand
yet, if rdp server user, can manually open powershell window , run get-service without issues. what's going on?
when remoting cross-domain, remote command/session not run administrative rights. though you're connecting local admin, resulting pssession not elevated.
to fix this, need set registry key localaccounttokenfilterpolicy located in hkey_local_machine\software\microsoft\windows\currentversion\policies\system 1. see microsoft more details
Comments
Post a Comment