To enable other computers to connect to the local computer and run remote commands, the local computer must include session configurations. Among other things, the session configurations determine who can connect to the computer remotely. The default session configurations, Microsoft.PowerShell, and Microsoft.PowerShell32 (64-bit only), are used whenever a remote command does not include the ConfigurationName parameter or when the value of the ConfigurationName parameter is the name of a default session configuration. If the default session configurations are deleted, remote commands that require them will fail.

The Enable-PSRemoting function creates default session configurations on the local computer. If a default session configuration is unregistered or deleted, use the Enable-PSRemoting function to re-create it.

If the default configuration is changed unintentionally, use the Unregister-PSSessionConfiguration cmdlet to delete it and then use the Enable-PSRemoting function to re-create it. When Enable-PSRemoting restores a default session configuration, it does not does not create explicit security descriptors for the configurations. Instead, the configurations inherit the security descriptor of the RootSDDL. Therefore, you might want to view and adjust the security descriptor for the default session configuration.

The Enable-PSRemoting function does not delete or change existing session configurations. If you have changed the default session configuration, you can still use the Enable-PSRemoting function for other purposes. For more information about session configurations, see about_Session_Configurations.

To create the default session configurations

  1. Start Windows PowerShell with the Run as administrator option.

  2. Run an Enable-PSRemoting command.

      Copy Code
    enable-psremoting
    

To restore the default session configurations

  1. Start Windows PowerShell with the Run as administrator option.

  2. Run an Unregister-PSSessionConfiguration command to unregister the default session configuration.

      Copy Code
    unregister-pssessionconfiguration microsoft.powershell
    
  3. Run an Enable-PSRemoting command to create a new default session configuration.

      Copy Code
    enable-psremoting
    

To view the security descriptor of the RootSDDL

  1. Start Windows PowerShell with the Run as administrator option.

  2. Run a Get-Item command in the Service\RootSDDL directory of the WSMan: drive. Localhost is the local computer. This displays the default security descriptor.

      Copy Code
    get-item wsman:\localhost\Service\RootSDDL
    

To change the security descriptor of the RootSDDL

  1. Start Windows PowerShell with the Run as administrator option.

  2. Run a Set-Item command in the Service\RootSDDL directory of the WSMan: drive. Localhost is the local computer.

    The following command resets the RootSDDL value to its original value.

      Copy Code
    set-item -path wsman:\localhost\Service\RootSDDL -value "O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)"
    

To change the security descriptor of the default session configuration

  1. Start Windows PowerShell with the Run as administrator option.

  2. Use the Set-PSSessionConfiguration cmdlet with the SecurityDescriptorSDDL or ShowSecurityDescriptorUI parameter.

    The following command displays a Permissions dialog box that lets you set the security descriptor for the Microsoft.PowerShell session configuration.

      Copy Code
    Set-PSSessionConfiguration -name Microsoft.PowerShell -ShowSecurityDescriptorUI
    

See Also