Delegated Constrained Endpoint issue


I have written a simple script that displays a ‘menu’ that will enable our Media Lecturers the ability to add \ remove to a couple of AD groups and to view the group members.

I have assigned the necessary permissions to the AD groups to an account I intended to use for delegation. I have also confirmed that this account is able to add \ remove group members.

My issue is that when I run enter-pssession on a remote computer… the script auto runs (as per the .pssc file that I used for the endpoint) and my ‘menu’ displays correctly but any menu option hangs the console. This included exiting the script so nothing to do with my AD permissions on the delgated account.

I have, I think, ‘opened’ up the .pssc file in an attempt to get it working so it’s not so constrained but I’am at a complete loss now.

I am running this command to create the endpoint on my windows 8 computer that has the win8RSAT tools installed: Register-PSSessionConfiguration -name “Media” -Path “C:\Powershell\Constrained\Media\media.pssc” -RunAsCredential “domain\DelegatedAccount” -ShowSecurityDescriptorUI -Force

Here is a link to my pssc file and my script:

If anyone can shed some light here I would be very grateful.

I’m assuming you set up an endpoint that pre-runs a script, then - those run without interaction; they can’t have prompts.

You would typically have your menu script (what I call a controller script) run locally, and internally it would use Invoke-Command to send commands to the endpoint.

Sheesh - I spent 3 hours this morning pulling my hair out trying to get this to work and you sum up the solution in one line!

Thank you very much for replying - I’ll look at utilising the method you describe. And thanks to Jeff Hicks who via Twitter directed me to this forum.