[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Open powershell with a 'regular user' on Server 2012R2

Posted on 2016-12-01
3
Medium Priority
?
53 Views
Last Modified: 2017-01-10
Hi,

We have a piece of software that runs a powershell command at startup to match the username and match it with active directory.

This works perfect on server 2008R2 but does not on server 2012R2.

If I login with my test user on RDS2012 and try to open powershell I get access denied.
I cannot open powershell.exe in C:\windows\system32\powershell\V1.0\powershell.exe but I can open it in the SysWow64 folder.

For example, I want to run the command "[System.Environment]::Username" when logged in as a normal user.

Do I somehow have to give permission to powershell?
0
Comment
Question by:Itxx
  • 2
3 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 41908565
Not a default "feature" of Server 2012, that's something specific to your environment. Users should be perfectly able to open a Powershell console - after all, with UAC enabled, administrators act as users as well.
There's a policy that can prevent access to command shells, but that should affect both x64 and x86 versions.
Can you "cd" into "C:\Windows\system32\powershell\V1.0"?
You might want to check the permissions on the x64 powershell.exe.
Default as obtained by cacls.exe:
NT SERVICE\TrustedInstaller:F
BUILTIN\Administrators:R
NT AUTHORITY\SYSTEM:R
BUILTIN\Users:R
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R

Open in new window

0
 
LVL 1

Author Comment

by:Itxx
ID: 41908679
Hi oBda,

UAC is disabled.

CD'ing in to "C:\Windows\system32\powershell\V1.0" works but cannot open powershell.
The permissions  on x64 powershell are the same as yours.

The permissions for x86 powershell are only SYSTEM & Administrators.
0
 
LVL 1

Author Closing Comment

by:Itxx
ID: 41908757
Policy was preventing acces. Thanks!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief introduction to what I consider to be the best editor for PowerShell.
The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question