Solved

Open powershell with a 'regular user' on Server 2012R2

Posted on 2016-12-01
3
37 Views
Last Modified: 2017-01-10
Hi,

We have a piece of software that runs a powershell command at startup to match the username and match it with active directory.

This works perfect on server 2008R2 but does not on server 2012R2.

If I login with my test user on RDS2012 and try to open powershell I get access denied.
I cannot open powershell.exe in C:\windows\system32\powershell\V1.0\powershell.exe but I can open it in the SysWow64 folder.

For example, I want to run the command "[System.Environment]::Username" when logged in as a normal user.

Do I somehow have to give permission to powershell?
0
Comment
Question by:Itxx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 41908565
Not a default "feature" of Server 2012, that's something specific to your environment. Users should be perfectly able to open a Powershell console - after all, with UAC enabled, administrators act as users as well.
There's a policy that can prevent access to command shells, but that should affect both x64 and x86 versions.
Can you "cd" into "C:\Windows\system32\powershell\V1.0"?
You might want to check the permissions on the x64 powershell.exe.
Default as obtained by cacls.exe:
NT SERVICE\TrustedInstaller:F
BUILTIN\Administrators:R
NT AUTHORITY\SYSTEM:R
BUILTIN\Users:R
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R

Open in new window

0
 
LVL 1

Author Comment

by:Itxx
ID: 41908679
Hi oBda,

UAC is disabled.

CD'ing in to "C:\Windows\system32\powershell\V1.0" works but cannot open powershell.
The permissions  on x64 powershell are the same as yours.

The permissions for x86 powershell are only SYSTEM & Administrators.
0
 
LVL 1

Author Closing Comment

by:Itxx
ID: 41908757
Policy was preventing acces. Thanks!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article will help you understand what HashTables are and how to use them in PowerShell.
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question