Chapters/just-enough-administration-primer/RegisterEndpoint.ps1
|
#Requires -version 5.1 <# this needs to be run ON the remote server which means you'll need to copy .psrc and .pscc files to the server #> $s = New-PSSession -ComputerName chi-fp02 #copy the pssc file to C:\ or some remote folder copy .\shareadmin.pssc -Destination C:\ -ToSession $s -force #copy the module with the role configuration copy .\ShareAdmin -Container -Recurse -Destination 'C:\Program Files\WindowsPowerShell\Modules' -ToSession $s -Force #register everything. WinRM will restart breaking any existing sessions invoke-command { Register-PSSessionConfiguration -Path c:\shareadmin.pssc -Name "ShareAdmins" } -Session $s #look at the new session configuration invoke-command { Get-PSSessionConfiguration ShareAdmins | Select * } -computername chi-fp02 #this won't work in a remoting session without CredSSP #you would have to run it ON the server to see what the user has access to. Get-PSSessionCapability -ConfigurationName ShareAdmins -Username company\jshields #test with a user that is a member of the group $cred = get-credential company\jshields Enter-PSSession -ComputerName chi-fp02 ` -ConfigurationName ShareAdmins ` -Credential $cred #remove the configuration Invoke-command { Unregister-PSSessionConfiguration -Name shareadmins } -computername chi-fp02 |