Chapters/just-enough-administration-primer/RegisterEndpoint.ps1

#Requires -version 5.1

<#
this needs to be run ON the remote server which means you'll need
to copy .psrc and .pscc files to the server
#>


$s = New-PSSession -ComputerName chi-fp02

#copy the pssc file to C:\ or some remote folder
Copy-Item .\shareadmin.pssc  -Destination C:\ -ToSession $s -force

#copy the module with the role configuration
Copy-Item .\ShareAdmin -Container -Recurse -Destination 'C:\Program Files\WindowsPowerShell\Modules' -ToSession $s -Force

#register everything. WinRM will restart breaking any existing sessions
Invoke-Command {
 Register-PSSessionConfiguration -Path c:\shareadmin.pssc -Name "ShareAdmins"
} -Session $s

#look at the new session configuration
Invoke-Command {
Get-PSSessionConfiguration ShareAdmins | Select-Object -Property *
} -computername chi-fp02

#this won't work in a remoting session without CredSSP
#you would have to run it ON the server to see what the user has access to.
Get-PSSessionCapability -ConfigurationName ShareAdmins -Username company\jshields

#test with a user that is a member of the group
$cred = Get-Credential company\jshields

Enter-PSSession -ComputerName chi-fp02 -ConfigurationName ShareAdmins -Credential $cred

#remove the configuration
Invoke-Command {
 Unregister-PSSessionConfiguration -Name shareadmins
} -computername chi-fp02
 at the new session configuration

Invoke-Command {

Get-PSSessionConfiguration ShareAdmins | Select-Object -Property *

} -computername chi-fp02



#this won't work in a remoting session without CredSSP #you would have to run it ON the server to see what the user has access to. Get-PSSessionCapability -ConfigurationName ShareAdmins -Username company\jshields #test with a user that is a member of the group $cred = Get-Credential company\jshields Enter-PSSession -ComputerName chi-fp02 -ConfigurationName ShareAdmins -Credential $cred #remove the configuration Invoke-Command { Unregister-PSSessionConfiguration -Name shareadmins } -computername chi-fp02