I'm trying to run Get-ScheduledTask remotely through Invoke-Command. The user is a non-admin but is a part of the "Remote Management Users" group. PS-Remoting works fine. Running the command locally works fine. But running it through Invoke-Command gets me the following error:
Cannot connect to CIM server. Access denied
+ CategoryInfo : ResourceUnavailable: (MSFT_ScheduledTask:String) [Get-ScheduledTask], CimJobException
+ FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-ScheduledTask
+ PSComputerName : us-web1
Here's the code sample:
    $servers = "us-web1","us-web2","us-engine1","us-engine2","us-engine3","us-engine4"
    foreach ( $server in $servers ) {
        Invoke-Command -ComputerName "$server" -ScriptBlock {
            Get-ScheduledTask
        }
    }
The only way to get a remote PowerShell session to execute elevated (with admin privileges) is to connect with a user account (either implicitly or via -Credential) that has admin privileges on the target machine. With such an account, the session automatically and invariably runs elevated.
What permissions are needed to run PowerShell on a remote machine? A. To run PowerShell on a remote box the credential used must be a local administrator if connecting via the default session configuration. This can be seen by running Get-PSSessionConfiguration (along with Remote Management Users).
I was having a very similar issue with trying to use the Get-Printer command remotely without admin credentials.
What I found really helped was this link: https://social.technet.microsoft.com/Forums/exchange/en-US/b748d1bb-fa97-4c30-a626-145dfbc40873/service-acccount-permission-to-remote-powershell-to-dns-server-on-windows-server-2012?forum=winserverpowershell
The process that I used for my issue was:
Open the Computer Management console. Right-click WMI Control (under Services and Applications) and click Properties.
In the newly opened window, click on the Security tab.
Expand the Root tree, then click on the node CIMV2, and click the Security button.
In the newly opened window, click the Advanced button.
In the newly opened window, click the Add button under the Permissions tab.
In the newly opened window, click on “select a principal”, then search for and add the account or group you want to have access as the principal, then click OK.
In “Applies to”, choose “this namespace and subnamespace”.
For the permissions, check “Execute Methods”, “Enable Accounts” and “Remote Enable”.
Click accept on all the open dialogue boxes.
Restart WMI services.
Attempt remotely running your command again. It will fail again, but this time you will see the real issue. Look in the error for "permission denied", then follow the same steps as above and grant access to the path shown.
Hope this helps
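To confirm what the GUI steps above actually granted, the following added example (not part of the original answer) reads a namespace's DACL and lists each principal with its decoded WMI rights and whether the entry applies to subnamespaces. The names Get-WmiNamespaceAce and WmiRight are hypothetical, and the script assumes PowerShell 5 or later in an elevated session on the target machine.

```powershell
# Access-mask bits used by WMI namespace security.
[Flags()] enum WmiRight {
    EnableAccount  = 0x1
    ExecuteMethods = 0x2
    FullWrite      = 0x4
    PartialWrite   = 0x8
    ProviderWrite  = 0x10
    RemoteEnable   = 0x20
    ReadSecurity   = 0x20000
    EditSecurity   = 0x40000
}

function Get-WmiNamespaceAce {   # hypothetical helper name
    param([string]$Namespace = 'root/cimv2')

    # GetSD returns the namespace security descriptor in binary form.
    $r = Invoke-CimMethod -Namespace $Namespace -ClassName __SystemSecurity -MethodName GetSD
    if ($r.ReturnValue -ne 0) { throw "GetSD on $Namespace returned $($r.ReturnValue)" }
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$r.SD, 0)

    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $sid.Value }   # unresolvable SID: show it raw
        [pscustomobject]@{
            Principal     = $who
            Type          = $ace.AceQualifier   # AccessAllowed or AccessDenied
            Rights        = [WmiRight]$ace.AccessMask
            Subnamespaces = $ace.AceFlags.HasFlag(
                                [System.Security.AccessControl.AceFlags]::ContainerInherit)
            Inherited     = $ace.IsInherited
        }
    }
}

# 0x23 = EnableAccount + ExecuteMethods + RemoteEnable, the three boxes ticked in the steps above.
$needed = [WmiRight]0x23
Get-WmiNamespaceAce -Namespace 'root/cimv2' |
    Select-Object *, @{ n = 'HasAllThree'; e = {
        $_.Type -eq 'AccessAllowed' -and $_.Rights.HasFlag($needed) } } |
    Format-Table -AutoSize
```

A non-admin principal that also shows FullWrite, ProviderWrite or EditSecurity holds more than the steps call for. Pass a different -Namespace value to check the path named in the second error.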