Solved

Open powershell with a 'regular user' on Server 2012R2

Posted on 2016-12-01
3
42 Views
Last Modified: 2017-01-10
Hi,

We have a piece of software that runs a powershell command at startup to match the username and match it with active directory.

This works perfect on server 2008R2 but does not on server 2012R2.

If I login with my test user on RDS2012 and try to open powershell I get access denied.
I cannot open powershell.exe in C:\windows\system32\powershell\V1.0\powershell.exe but I can open it in the SysWow64 folder.

For example, I want to run the command "[System.Environment]::Username" when logged in as a normal user.

Do I somehow have to give permission to powershell?
0
Comment
Question by:Itxx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 41908565
Not a default "feature" of Server 2012, that's something specific to your environment. Users should be perfectly able to open a Powershell console - after all, with UAC enabled, administrators act as users as well.
There's a policy that can prevent access to command shells, but that should affect both x64 and x86 versions.
Can you "cd" into "C:\Windows\system32\powershell\V1.0"?
You might want to check the permissions on the x64 powershell.exe.
Default as obtained by cacls.exe:
NT SERVICE\TrustedInstaller:F
BUILTIN\Administrators:R
NT AUTHORITY\SYSTEM:R
BUILTIN\Users:R
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R

Open in new window

0
 
LVL 1

Author Comment

by:Itxx
ID: 41908679
Hi oBda,

UAC is disabled.

CD'ing in to "C:\Windows\system32\powershell\V1.0" works but cannot open powershell.
The permissions  on x64 powershell are the same as yours.

The permissions for x86 powershell are only SYSTEM & Administrators.
0
 
LVL 1

Author Closing Comment

by:Itxx
ID: 41908757
Policy was preventing acces. Thanks!
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
In previous parts of this Nano Server deployment series, we learned how to create, deploy and configure Nano Server as a Hyper-V host. In this part, we will look for a clustering option. We will create a Hyper-V cluster of 3 Nano Server host nodes w…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question