Local Administrator PSSession Access denied

I've enabled PSRemoting on a number of servers. And I can connect to them with my Domain Admin credentials without issues.

When I try to connect to that server with the local admin credentials I get an access denied.

I can enter a pssession with my credentials to that server. (so PSRemoting is configured and working on this server)

I can enter a pssession with my credentials to another server. 

I can enter a pssession with local admin credentials to another server. (I have the localadmin credentials correct and using them correctly)

I cannot enter a pssession with local admin credentials to that server.

I have been through the about_remote_troubleshooting help topic, nothing seems relevant.

I've checked the PSSessionConfiguration and it says that Builtin\Administrators are allowed, and I have checked the local group of the admin account and it is a member of the Administrators group.

I have checked the local admin's password using System.DirectoryServices.AccountManagement.PrincipalContext().ValidateCredentials() and verified that it is correct.

I believe there is a misconfiguration on the server but don't know where to find it.

Can someone help?

4 Replies

I suggest you check this registry key value:

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/support/troubleshooting#...

What account are you using?

Make sure the credentials you are using are a member of the target server's local administrators group. In some cases, WinRM also requires membership in the Remote Management Users group. If you are using a local user account that is not the built-in administrator account, you will need to enable the policy on the target machine by running the following command in PowerShell or at a Command Prompt as Administrator on the target machine:

REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1
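
The checks this reply points at, gathered into one read-only script to run on the working and the non-working server and compare; this is an added example, not part of the original thread, and `localadmin` is a placeholder account name. Setting LocalAccountTokenFilterPolicy to 1 lifts UAC remote restrictions for every local administrator account on the machine, so it is worth reading its current value on both servers before changing it.

```powershell
# Added example. Read-only checks; run in an elevated PowerShell on the target server.
$account = 'localadmin'   # placeholder: the local account that gets "Access denied"

# 1. UAC remote restrictions. LocalAccountTokenFilterPolicy = 1 gives local admins a full
#    token over the network; 0 or not set means local admins other than the built-in
#    Administrator connect with a filtered (non-elevated) token.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $key
[pscustomobject]@{
    LocalAccountTokenFilterPolicy = $uac.LocalAccountTokenFilterPolicy   # empty = not set
    FilterAdministratorToken      = $uac.FilterAdministratorToken        # Admin Approval Mode for the built-in Administrator
} | Format-List

# 2. Is the account the built-in Administrator (RID 500), and is it enabled?
$user = Get-LocalUser -Name $account
[pscustomobject]@{
    Name     = $user.Name
    Enabled  = $user.Enabled
    IsRid500 = $user.SID.Value.EndsWith('-500')
} | Format-List

# 3. Direct group membership, looked up by well-known SID so localized names do not matter.
$groups = @{ 'S-1-5-32-544' = 'Administrators'; 'S-1-5-32-580' = 'Remote Management Users' }
foreach ($sid in $groups.Keys) {
    $members  = Get-LocalGroupMember -SID $sid -ErrorAction SilentlyContinue
    $isMember = $members.SID.Value -contains $user.SID.Value
    '{0}: member = {1}' -f $groups[$sid], $isMember
}

# 4. Who the default remoting endpoint authorizes.
Get-PSSessionConfiguration -Name Microsoft.PowerShell |
    Format-List Name, Permission, SecurityDescriptorSddl

# 5. Logs for the last hour. A 4625 (requires logon-failure auditing) means the logon itself
#    was rejected; if none is logged, compare the WinRM log and the token settings above.
$since = (Get-Date).AddHours(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($account) } |
    Select-Object TimeCreated, Id, Message -First 5
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-WinRM/Operational'; Level = 2, 3; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message -First 10
```
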

@Mikhail Shivtorov

I've read that page and the local Administrator on the target machine is a member of the builtin administrators group.

In which cases does it need the remote management group, and how do I find this out?

Is there a log showing "this user attempted to log in and I denied them because..."?

I've read through the remote troubleshooting and I can't see anything incorrect with the setup; the groups are set up the same between the working and non-working server, but I can't work out what is wrong.

@gtvmark

Did you ever find any solution for this?

@objectclass Unfortunately I had forgotten about this; I can't even remember which server I was having the issue with. I have a vague memory of something specific to that account on that machine, and adding another account, or putting a domain user into the Administrators group, was the workaround. I'm guessing that as I've forgotten about it, I did manage to work around it.