Direct Access PowerShell commands using Invoke-Command

I have done a lot of testing and I have found that to use the RemoteAccess module PowerShell commands, such as Get-RemoteAccessConnectionStatistics, you need the following:

  1. User must be a member of the Administrators group on the DA server. All DA servers if you are load balanced.
  2. User must have write access to all GPOs that apply to (created by) the installation of DA system.
  3. User must run PowerShell with elevated privileges.

As I do not want (not allowed) to give my helpdesk staff write access to GPOs, I had the idea to create a service account with those privileges and use Invoke-Command with the service account username and password to run the command.
This brings me to my problem: while I can get the username and password securely set, when running this command “Invoke-Command -ComputerName -Credential $Creds -ScriptBlock { Get-RemoteAccessConnectionStatistics }” it returns an error “The specified directory service attribute or value does not exist.” After a few hours of research and testing I found that this error means that I am not running the command in an elevated state.

Is there a way to run Invoke-Command, or possibly to use the command with a CimSession or PSSession, so that it runs in an elevated state?

Check out “Secrets of PowerShell Remoting.” What you really need is a custom endpoint that allows only certain people to connect, and to run only certain commands, but runs those commands under alternate credentials. Built right into PowerShell. You may also need to enable CredSSP to get around the double-hop authentication issue - described in that same “Secrets” ebook.
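
One way to set up the kind of custom endpoint described in the answer above, as an added example that is not code from the thread or from the ebook. The endpoint name DAHelpdesk, the group CONTOSO\DA-Helpdesk, the account CONTOSO\svc-da-stats and the server name DA01 are assumed placeholders, and whether the run-as session is sufficient for the RemoteAccess module in a given environment is an assumption to verify.

```powershell
# Run once, elevated, on each DirectAccess server.
$endpoint = 'DAHelpdesk'                      # hypothetical endpoint name
$pssc     = "$env:ProgramData\$endpoint.pssc"

# 1. Session definition: no language features, one visible command.
#    CDXML-based module commands surface as functions, so the command is
#    listed under both -VisibleCmdlets and -VisibleFunctions.
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -LanguageMode NoLanguage `
    -ModulesToImport RemoteAccess `
    -VisibleCmdlets   'Get-RemoteAccessConnectionStatistics' `
    -VisibleFunctions 'Get-RemoteAccessConnectionStatistics'

# 2. Only the helpdesk group may connect: (A;;GX;;;<SID>) grants Execute(Invoke).
#    Administrators keep full control so the endpoint stays manageable.
$group = New-Object System.Security.Principal.NTAccount('CONTOSO\DA-Helpdesk')
$sid   = $group.Translate([System.Security.Principal.SecurityIdentifier]).Value
$sddl  = "O:NSG:BAD:P(A;;GA;;;BA)(A;;GX;;;$sid)"

# 3. Register the endpoint with the privileged service account as run-as identity.
#    The password is stored by WinRM on this server and never reaches helpdesk
#    staff. Registration restarts the WinRM service.
$runAs = Get-Credential -UserName 'CONTOSO\svc-da-stats' -Message 'Run-as account'
Register-PSSessionConfiguration -Name $endpoint -Path $pssc `
    -RunAsCredential $runAs -SecurityDescriptorSddl $sddl -Force

# 4. Check the result: the permission list should show only Administrators
#    and the helpdesk group.
Get-PSSessionConfiguration -Name $endpoint |
    Format-List Name, RunAsUser, Permission

# Helpdesk staff then connect with their own, unprivileged accounts:
#   Invoke-Command -ComputerName DA01 -ConfigurationName DAHelpdesk `
#       -ScriptBlock { Get-RemoteAccessConnectionStatistics }
```

Anything made visible in this session runs with the service account's rights, so the visible command list and the SDDL are the whole access boundary; review both whenever the endpoint is changed.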

Don,

Thank you for pointing me in the right direction. I have used your books PowerShell 3 in a Month of Lunches and Secrets of PowerShell Remoting for a while now. I was just not thinking of the proper type of session.

Again, thanks.