I have done a lot of testing and I have found that to use the RemoteAccess module PowerShell commands, such as Get-RemoteAccessConnectionStatistics, you need the following:
- User must be a member of the Administrators group on the DA server. All DA servers if you are load balanced.
- User must have write access to All GPO’s that apply to (created by) the installation of DA system.
- User must run powershell with elevated privileges.
As I do not want (not allowed) to give my helpdesk staff write access to GPO’s, I had the idea to create a service account with those privileges and use the Invoke-command with the service account username and password to run the command.
This brings me to my problem, while I can get the username and password securely set, when running this command “Invoke-Command –Computename –Credentials $Creds –Scriptblock { Get-RemoteAccessConnectionStatistics}” it returns an error “The specified directory service attribute or value does not exist.” After a few hours of research and testing I found that this error means that I am not running the command in an elevated state.
Is there a way to run Invoke-Command or possibly using the command with Cimsession or PSSession to run in an elevated state?