JEA with PowerShell

Hi All,

My requirement was, instead of giving full administrative rights, to give rights to some specific cmdlets to a group of users. To do this I am using JEA. This works awesome on the local machine when logged in with admin creds, i.e.

Enter-PSSession -ComputerName localhost -ConfigurationName Clients

So through this I can see only the limited cmdlets which I have given them access to, but when I perform the same from a remote machine it's not working, i.e.

Enter-PSSession -ComputerName "TestServer" -ConfigurationName Clients [gives ERROR]

My question is: do I need to pass admin creds to this? Because it's working then:

Enter-PSSession -ComputerName "TestServer" -Credential "Administrator" -ConfigurationName Clients (This Works)

But what's the point then? I don't want to share admin creds with my clients. Kindly suggest on this. I only want the client group to provide the configuration name so that they can take a PSSession with it without passing admin creds.

You will need to map the JEA roles to users or groups so they can connect to the session you have set up.

For your reading pleasure: https://msdn.microsoft.com/powershell/jea/session-configurations

Are you able to post your session configuration file? What's the error you get when you try to Enter-PSSession from a remote machine?

As Jon said, in your session configuration file you need to map your role capabilities to a group in Active Directory. See below for an example of what your PSSC file might look like.

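@{
SchemaVersion = '2.0.0.0'
GUID = 'GUID HERE'
SessionType = 'RestrictedRemoteServer'
# Users connect as themselves; commands run under a temporary virtual account
RunAsVirtualAccount = $true
# Map the AD group to the role capability file (Clients.psrc)
RoleDefinitions = @{
    'DOMAIN\GROUP' = @{
        'RoleCapabilities' = 'Clients' }
}
}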
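
An added example, not part of the thread and not code from any of the posters: one way to build, register and verify the endpoint on the server so that members of the mapped group can connect with their own credentials. The module name ClientsJEA, the two visible cmdlets, the file paths and the user DOMAIN\someuser are assumptions for illustration; DOMAIN\GROUP is the placeholder from the post above.

```powershell
# Run on the server (TestServer in the thread) from an elevated PowerShell prompt.

# 1. The role capability file must sit in a RoleCapabilities folder inside a module
#    on $env:PSModulePath, and its base name must match the role name ('Clients').
$module = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\ClientsJEA'   # assumed module name
New-Item -ItemType Directory -Path (Join-Path $module 'RoleCapabilities') -Force | Out-Null
New-ModuleManifest -Path (Join-Path $module 'ClientsJEA.psd1')
New-PSRoleCapabilityFile -Path (Join-Path $module 'RoleCapabilities\Clients.psrc') `
    -VisibleCmdlets 'Get-Service', 'Restart-Service'                           # assumed cmdlets

# 2. Session configuration that maps the AD group to the 'Clients' role.
$pssc = Join-Path $env:ProgramData 'JEAConfiguration\Clients.pssc'             # assumed path
New-Item -ItemType Directory -Path (Split-Path $pssc) -Force | Out-Null
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -RoleDefinitions @{ 'DOMAIN\GROUP' = @{ RoleCapabilities = 'Clients' } }

# 3. Validate the file, then (re)register the endpoint under the name clients will use.
if (-not (Test-PSSessionConfigurationFile -Path $pssc)) {
    throw "Session configuration file failed validation: $pssc"
}
if (Get-PSSessionConfiguration -Name 'Clients' -ErrorAction SilentlyContinue) {
    Unregister-PSSessionConfiguration -Name 'Clients' -Force
}
Register-PSSessionConfiguration -Name 'Clients' -Path $pssc -Force

# 4. Verify before handing the endpoint out.
#    Permission should list DOMAIN\GROUP with AccessAllowed.
(Get-PSSessionConfiguration -Name 'Clients').Permission
#    Shows exactly which commands this user would get in the session.
Get-PSSessionCapability -ConfigurationName 'Clients' -Username 'DOMAIN\someuser'

# On the client, a member of DOMAIN\GROUP then connects as themselves:
#   Enter-PSSession -ComputerName 'TestServer' -ConfigurationName Clients
```

If Get-PSSessionCapability returns nothing for a user, that account is not covered by any entry in RoleDefinitions and the connection from the remote machine will be refused.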