[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 56
  • Last Modified:

Open powershell with a 'regular user' on Server 2012R2

Hi,

We have a piece of software that runs a powershell command at startup to match the username and match it with active directory.

This works perfect on server 2008R2 but does not on server 2012R2.

If I login with my test user on RDS2012 and try to open powershell I get access denied.
I cannot open powershell.exe in C:\windows\system32\powershell\V1.0\powershell.exe but I can open it in the SysWow64 folder.

For example, I want to run the command "[System.Environment]::Username" when logged in as a normal user.

Do I somehow have to give permission to powershell?
0
Itxx
Asked:
Itxx
  • 2
1 Solution
 
oBdACommented:
Not a default "feature" of Server 2012, that's something specific to your environment. Users should be perfectly able to open a Powershell console - after all, with UAC enabled, administrators act as users as well.
There's a policy that can prevent access to command shells, but that should affect both x64 and x86 versions.
Can you "cd" into "C:\Windows\system32\powershell\V1.0"?
You might want to check the permissions on the x64 powershell.exe.
Default as obtained by cacls.exe:
NT SERVICE\TrustedInstaller:F
BUILTIN\Administrators:R
NT AUTHORITY\SYSTEM:R
BUILTIN\Users:R
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R

Open in new window

0
 
ItxxAuthor Commented:
Hi oBda,

UAC is disabled.

CD'ing in to "C:\Windows\system32\powershell\V1.0" works but cannot open powershell.
The permissions  on x64 powershell are the same as yours.

The permissions for x86 powershell are only SYSTEM & Administrators.
0
 
ItxxAuthor Commented:
Policy was preventing acces. Thanks!
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now