Permissions to connect to a computer remotely in Windows PowerShell are governed by the permissions set for the session configurations on the computer. To establish a PSSession or run a command on a remote computer, the user must have permission to use at least one session configuration on the remote computer. By default, only members of the Administrators group on a computer have permission to use the default session configurations and, therefore, only members of the Administrators group can connect to the computer remotely.
To allow other users to connect to the local computer, edit the permissions of at least one session configuration on the local computer. If you edit the permissions of the default session configuration, users who are not administrators can connect remotely without specifying a session configuration. You can also create a session configuration specifically for all or selected non-administrator users.
If users try to connect to a remote computer when they do not have sufficient permission, Windows PowerShell generates the following error message.
 Copy Code |
|
|---|---|
ERROR:ACCESS IS DENIED |
|
To enable remoting for non-administrative users
-
To change the permissions to a session configuration, use the ShowSecurityDescriptorUI parameter of the Set-PSSessionConfiguration cmdlet. This parameter opens a property sheet that lets you change the security descriptor of the specified session configuration.
The following command opens the permissions property sheet for the Microsoft.PowerShell session configuration on the local computer.
Copy CodeSet-PSSessionConfiguration Microsoft.Powershell -ShowSecurityDescriptorUI
-
To enable users to connect remotely, give the user Execute permissions to connect to the local computer remotely.