在非管理员用户下从远程运行 PS cmdlet - 拒绝访问 [英] Running PS cmdlets from remote under non-admin users - Access Denied
问题描述
我正在尝试通过 Invoke-Command 远程运行 Get-ScheduledTask.该用户不是管理员,但属于远程管理用户".PS-Remoting 工作正常.在本地运行命令工作正常.但是通过 Invoke-Command 运行它会出现以下错误:
I'm trying to run Get-ScheduledTask remotely through Invoke-Command. The user is a non-admin but is a part of the "Remote Management Users". PS-Remoting works fine. Running the command locally works fine. But running it through Invoke-Command gets me the following error:
Cannot connect to CIM server. Access denied
+ CategoryInfo : ResourceUnavailable: (MSFT_ScheduledTask:String) [Get-ScheduledTask], CimJobException
+ FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-ScheduledTask
+ PSComputerName : us-web1
这是代码示例:
$servers = "us-web1","us-web2","us-engine1","us-engine2","us-engine3","us-engine4"
foreach ( $server in $servers ) {
Invoke-Command -ComputerName "$server" -ScriptBlock {
get-scheduledtask
}
}
推荐答案
我在尝试在没有管理员凭据的情况下远程使用 get-printer 命令时遇到了非常相似的问题.
I was having a very similar issue with trying to use the get-printer command remotely without admin credentials.
What I found really helped was this link: https://social.technet.microsoft.com/Forums/exchange/en-US/b748d1bb-fa97-4c30-a626-145dfbc40873/service-acccount-permission-to-remote-powershell-to-dns-server-on-windows-server-2012?forum=winserverpowershell
我用于解决问题的流程是:
The process that I used for my issue was:
打开计算机管理控制台.右键单击 WMI 控件(在服务和应用程序下)并单击属性.
Open Computer Management Console. Right click WMI Control (under Services and Applications) and click property.
在新打开的窗口中,单击安全"选项卡.
In the newly open Window, click on Security tab.
展开根树,然后点击节点CIMV2,点击安全按钮
Expand Root tree, and then click on the node CIMV2, and click the button security
在新打开的窗口中,单击高级按钮.
In the newly open Window, click the button Advanced.
在新打开的窗口中,单击权限选项卡下的添加按钮.
In the newly open Window, click the button Add under the permission tab.
在新打开的窗口中,点击选择委托人",然后搜索并添加您想要作为委托人访问的帐户或组,然后点击确定.
In the newly open Window, click on "select a principal", then search and add the account or group you want to have access as the principal, then click ok.
在适用于中,选择此命名空间和子命名空间".
In the applies to, choose "this namespace and subnamespace".
对于权限,请选中执行方法"、启用帐户"和远程启用"
For the permission, check on "Execute Methods", "Enable Accounts" and "Remote Enable"
在所有打开的对话框上点击接受
Click accept on all the open dialogue boxes
重启 WMI 服务
再次尝试远程运行您的命令.它会再次失败,但这次你会看到真正的问题.查看权限被拒绝"的错误,然后按照与上述相同的步骤操作并授予对所示路径的访问权限.
attempt remotely running your command again. It will fail again, but this time you will see the real issue. Look in the error for "permission denied" then follow the same steps as above and grant access to the path shown.
希望能帮到你
这篇关于在非管理员用户下从远程运行 PS cmdlet - 拒绝访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
