New-PsSession 使用本地帐户失败
New-PsSession fails with local account
我正在通过 RDP 连接到工作组计算机,并正在尝试与域上的远程服务器建立 PowerShell 远程会话。
当我尝试使用其中一个本地管理员帐户连接到远程服务器时,出现以下错误:
new-pssession : [IP] Connecting to remote server IP failed with
the following error message : Access is denied. For more information,
see the about_Remote_Troubleshooting Help topic.
当我 运行 使用域管理员帐户连接时,连接工作正常。
$domainCred = Get-Credential
$localCred = Get-Credential
PS C:\Users\ss_synadmin> New-PSSession -ComputerName IP -Credential $localCred
New-PSSession : [IP] Connecting to remote server IP failed with the following error message :
Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ComputerName <IP> -Credential $localcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
gTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
PS C:\Users\ss_synadmin> New-PSSession -ComputerName <IP> -Credential $domainCred
Id Name ComputerName State ConfigurationName Availability
-- ---- ------------ ----- ----------------- ------------
16 Session16 IP Opened Microsoft.PowerShell Available
既然两个账户都是管理员,那有什么用呢?
糟糕,这是 LocalAccountTokenFilterPolicy 注册表项 (https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/support/troubleshooting#using-windows-admin-center-in-a-workgroup)。我是在工作组服务器上检查的,不是在域服务器上。
我正在通过 RDP 连接到工作组计算机,并正在尝试与域上的远程服务器建立 PowerShell 远程会话。
当我尝试使用其中一个本地管理员帐户连接到远程服务器时,出现以下错误:
new-pssession : [IP] Connecting to remote server IP failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
当我 运行 使用域管理员帐户连接时,连接工作正常。
$domainCred = Get-Credential
$localCred = Get-Credential
PS C:\Users\ss_synadmin> New-PSSession -ComputerName IP -Credential $localCred
New-PSSession : [IP] Connecting to remote server IP failed with the following error message :
Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ComputerName <IP> -Credential $localcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
gTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
PS C:\Users\ss_synadmin> New-PSSession -ComputerName <IP> -Credential $domainCred
Id Name ComputerName State ConfigurationName Availability
-- ---- ------------ ----- ----------------- ------------
16 Session16 IP Opened Microsoft.PowerShell Available
既然两个账户都是管理员,那有什么用呢?
糟糕,这是 LocalAccountTokenFilterPolicy 注册表项 (https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/support/troubleshooting#using-windows-admin-center-in-a-workgroup)。我是在工作组服务器上检查的,不是在域服务器上。