Solved

Open powershell with a 'regular user' on Server 2012R2

Posted on 2016-12-01
3
24 Views
Last Modified: 2017-01-10
Hi,

We have a piece of software that runs a powershell command at startup to match the username and match it with active directory.

This works perfect on server 2008R2 but does not on server 2012R2.

If I login with my test user on RDS2012 and try to open powershell I get access denied.
I cannot open powershell.exe in C:\windows\system32\powershell\V1.0\powershell.exe but I can open it in the SysWow64 folder.

For example, I want to run the command "[System.Environment]::Username" when logged in as a normal user.

Do I somehow have to give permission to powershell?
0
Comment
Question by:Itxx
  • 2
3 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 41908565
Not a default "feature" of Server 2012, that's something specific to your environment. Users should be perfectly able to open a Powershell console - after all, with UAC enabled, administrators act as users as well.
There's a policy that can prevent access to command shells, but that should affect both x64 and x86 versions.
Can you "cd" into "C:\Windows\system32\powershell\V1.0"?
You might want to check the permissions on the x64 powershell.exe.
Default as obtained by cacls.exe:
NT SERVICE\TrustedInstaller:F
BUILTIN\Administrators:R
NT AUTHORITY\SYSTEM:R
BUILTIN\Users:R
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R

Open in new window

0
 
LVL 1

Author Comment

by:Itxx
ID: 41908679
Hi oBda,

UAC is disabled.

CD'ing in to "C:\Windows\system32\powershell\V1.0" works but cannot open powershell.
The permissions  on x64 powershell are the same as yours.

The permissions for x86 powershell are only SYSTEM & Administrators.
0
 
LVL 1

Author Closing Comment

by:Itxx
ID: 41908757
Policy was preventing acces. Thanks!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
In this previous article (https://oddytee.wordpress.com/2016/05/05/provision-new-office-365-user-and-mailbox-from-exchange-hybrid-via-powershell/), we made basic license assignments to users in O365. When I say basic, the method is the simplest way …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question