Forum Discussion
[powershell] Help! I can't use 'new-pssession' to connect to localhost.
I have opened "winrm" and run it.
I have set the firewall to pass, and even closed the firewall.
But I can't connect to any computer.
Look at this picture.
5 Replies
- Mitja (Copper Contributor)
🙂 ..woops
- LainRobertson (Silver Contributor)
Hi, Mingzhi.
The error is "access denied", meaning you can connect to WinRM (meaning this has nothing to do with the Windows Firewall) but are actively being refused access.
Try including the -EnableNetworkAccess parameter as shown below.
$Session = New-PSSession -EnableNetworkAccess;
Example illustration:
Cheers,
Lain
- zhmizi520 (Copper Contributor)
OMG! That is working now!!!
Thank you for your reply!!!
I can kiss your **bleep** if you can explain it more, why I need this parameter.
- LainRobertson (Silver Contributor)
I can't bring myself to provide a thorough explanation, as it would require me to speak to complex topics involving the Local Security Authority (LSA) and tokens - which I'd have to refresh my memory on, but I'll try and provide a simple explanation.
When you log on (which is what you're doing when you call New-PSSession), the LSA creates something called a token, which you can think of as a table where each row says what you are allowed to access.
When you run New-PSSession without specifying the "ComputerName" parameter, you create something called a "loopback session" where the LSA does not add the "interactive" reference to your token. This results in the "access denied" error, as something called "delegation" of the credential is not permitted.
When you run New-PSSession with the -EnableNetworkAccess parameter, you tell PowerShell to create a session where the "interactive" is added, which in turn allows credential delegation to succeed, which in turn solves the "access denied" error.
I'm not really sure if this makes any sense to you but that's about as simple an explanation as I can come up with on short notice. You can read more about it in the following link, and for in-depth explanations, you can search separately for "LSA token".
Cheers,
Lain
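
To compare the tokens behind the two kinds of loopback session discussed in this thread, the following added example (not code from any poster) opens one session with and one without -EnableNetworkAccess and diffs the group SIDs each token carries. It assumes WinRM is enabled locally; the helper name Get-LoopbackTokenInfo is hypothetical.

```powershell
# Added example. Assumes WinRM is enabled locally; run it from the same prompt
# you would normally call New-PSSession from.
function Get-LoopbackTokenInfo {      # hypothetical helper name
    param([switch]$EnableNetworkAccess)

    $mode = if ($EnableNetworkAccess) { 'EnableNetworkAccess' } else { 'Default' }
    $sessionArgs = @{ ErrorAction = 'Stop' }
    if ($EnableNetworkAccess) { $sessionArgs.EnableNetworkAccess = $true }

    try {
        # No -ComputerName: this is the loopback case from the thread.
        $session = New-PSSession @sessionArgs
    }
    catch {
        # Report the failure (for example "access denied") instead of throwing.
        return [pscustomobject]@{
            Mode = $mode; Connected = $false; Error = $_.Exception.Message
            User = $null; Groups = @()
        }
    }

    try {
        # Read the identity that commands in this session run as.
        $token = Invoke-Command -Session $session -ScriptBlock {
            $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
            [pscustomobject]@{
                User   = $id.Name
                Groups = @($id.Groups | ForEach-Object { $_.Value })
            }
        }
        [pscustomobject]@{
            Mode = $mode; Connected = $true; Error = $null
            User = $token.User; Groups = @($token.Groups)
        }
    }
    finally {
        Remove-PSSession -Session $session
    }
}

$default    = Get-LoopbackTokenInfo
$withAccess = Get-LoopbackTokenInfo -EnableNetworkAccess
$default, $withAccess | Format-List Mode, Connected, Error, User

# Group SIDs present in only one of the two tokens. Well-known SIDs worth
# looking for: S-1-5-2 (NETWORK) and S-1-5-4 (INTERACTIVE).
if ($default.Connected -and $withAccess.Connected) {
    Compare-Object -ReferenceObject $default.Groups -DifferenceObject $withAccess.Groups
}
```

If the default session cannot be opened at all, the first object shows Connected = False with the error text, and only the -EnableNetworkAccess token is listed.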