Hi,
I’ve been asked to create a tool so that “regular” users can see and log off an RDS user session. I’m trying to create an endpoint that a group of users can connect to and then run a specific set of commands under the credentials of another account.
This is my lab:
DC01
BG01 (broker/gateway)
SH01 (session host)
all of them running Windows Server 2012 R2.
I begin by creating the session configuration file with the following command:
New-PSSessionConfigurationFile -Path C:\admin.pssc -SessionType RestrictedRemoteServer -VisibleFunctions 'Get-NetIPAddress' -ModulesToImport 'NetTCPIP'
Then I register it:
Register-PSSessionConfiguration -Path .\admin.pssc -Name admin -RunAsCredential $cred -Force -Confirm:$false -SecurityDescriptorSddl "O:NSG:BAD:P(A;;GA;;;BA)(A;;GXGWGR;;;S-1-5-21-3029544977-3128121203-2081689124-1107)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"
And finally I connect to that endpoint with a user that is part of the group specified in the SDDL. Up until this point I don’t experience any problems at all. I cannot import any other modules, and except for a few basic cmdlets I can only run “Get-NetIPAddress”.
But when I try to change the ModulesToImport parameter to ‘RemoteDesktop’ and the VisibleFunctions to ‘Get-RDUserSession’, ‘Invoke-RDUserLogOff’ it stops working.
Then, when I try to connect to the endpoint, which worked perfectly before, I get the following error:
Enter-PSSession : Processing data from remote server robama-bg01 failed with the following error message: The request for the Windows Remote Shell with ShellId 55B8749F-561E-4D4A-9BE1-1F615F01281F failed because the shell was not found on the server. Possible causes are: the specified ShellId is incorrect or the shell no longer exists on the server. Provide the correct ShellId or create a new shell and retry the operation. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName BG01 -ConfigurationName admin
    + CategoryInfo          : InvalidArgument: (BG01:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed
I removed the PSSessionConfiguration and then tried again, but the problem persists. I even repeated the process with the NetTCPIP module and a couple of other modules and everything worked fine. I tried the same thing in a colleague's lab and it was the same thing.
Any ideas? Thanks…
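
Added example, not part of the original post: because this endpoint runs every command under a RunAs account, it is worth decoding the SDDL passed to -SecurityDescriptorSddl and confirming which principals can actually connect. The function name Get-EndpointAccess is hypothetical; the SDDL string is the one from the post, and "can connect" is taken to mean an allow ACE carrying generic execute (shown as Execute(Invoke) in the endpoint's permission dialog) or generic all.

```powershell
# Added example: decode an endpoint SDDL and report who may connect.
# The SDDL below is copied from the post; Get-EndpointAccess is a hypothetical name.
$sddl = 'O:NSG:BAD:P(A;;GA;;;BA)(A;;GXGWGR;;;S-1-5-21-3029544977-3128121203-2081689124-1107)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)'

function Get-EndpointAccess {
    param([Parameter(Mandatory = $true)][string]$Sddl)

    # Standard Windows generic-right bits as they appear in an ACE access mask.
    $generic = [ordered]@{
        GenericRead    = 0x80000000
        GenericWrite   = 0x40000000
        GenericExecute = 0x20000000
        GenericAll     = 0x10000000
    }
    $connectMask = $generic.GenericExecute -bor $generic.GenericAll

    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl

    foreach ($ace in $sd.DiscretionaryAcl) {
        # Resolve the SID to a name where possible; a domain SID will not
        # resolve on an unrelated machine, so fall back to the raw SID.
        $sid = $ace.SecurityIdentifier
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }

        $rights = @($generic.Keys | Where-Object { $ace.AccessMask -band $generic[$_] })

        [pscustomobject]@{
            Principal  = $name
            AceType    = $ace.AceType
            Rights     = $rights -join ','
            # Only an allow ACE with execute or full control lets the
            # principal open a session; read-only ACEs do not.
            CanConnect = ($ace.AceType -eq 'AccessAllowed') -and
                         [bool]($ace.AccessMask -band $connectMask)
        }
    }
}

Get-EndpointAccess -Sddl $sddl | Format-Table -AutoSize
```

On the server itself, pass `(Get-PSSessionConfiguration -Name admin).SecurityDescriptorSddl` instead of the literal string to check what was actually registered.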