Best way to give restricted execute access on pssession to remote user on a server

We have some Windows 2008 R2 development environment servers. On these servers we are planning to provide access to developers via PSRemoting. We want to restrict the users in such a way that they can only run .bat files present in a certain UNC path. What is the best way to achieve the same? Can we create a PSSession Configuration for this?

Please note that we are planning to enable WSmanCredSSP on the client (it is already enabled on the server).
Also, is it possible to give such access where a user can only log in to the server using PowerShell's PSSession and not through an interactive remote desktop connection?

September 29th, 2014 5:05pm

Hi ApoorvaW,

If you want to set up a restricted PSSession, please try to set the session configuration with the cmdlet:

Register-PSSessionConfiguration

Securing Session Configurations
You can assign session configurations to users automatically. For example, you may want to restrict the commands in a session that are available to some users. This is done in a two-step process:

1. Create a new session configuration that restricts the session to only a subset of commands.

2. Change security access permissions so that the intended users can only access the new session configuration.

For more detailed information about restricted sessions and PS remoting security, please refer to these articles:

PowerShell Remoting: How to Restrict User Commands

Restrict Session

If there is anything else regarding this issue, please feel free to post back.

Best Regards,

Anna Wang

October 2nd, 2014 2:02pm
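
The two steps above, as an added example that is not part of the thread or the linked articles. It assumes PowerShell 3.0 or later is installed on the server (needed for `New-PSSessionConfigurationFile` and `-RunAsCredential`); the endpoint name, UNC path, config directory, server name and the `Invoke-DevBatch` function are hypothetical.

```powershell
# Added example. Run in an elevated PowerShell 3.0+ console on the server.
$EndpointName = 'DevBatchRunner'                    # hypothetical endpoint name
$ConfigDir    = 'C:\ProgramData\DevBatchRunner'     # hypothetical config location

# The only custom command the endpoint exposes. It takes a bare file name,
# never a path, so callers cannot leave the allowed folder or pass cmd.exe
# metacharacters (&, |, spaces, quotes are all rejected by the pattern).
$runBatch = {
    param([Parameter(Mandatory = $true)][string]$Name)
    $root = '\\fileserver\devscripts'               # hypothetical UNC folder
    if ($Name -notmatch '^[A-Za-z0-9_.-]+\.bat$' -or $Name -match '\.\.') {
        throw "Rejected batch name: $Name"
    }
    $path = Join-Path $root $Name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Batch file not found in allowed folder: $Name"
    }
    & $env:ComSpec /c $path
}

# Step 1: session configuration restricted to a subset of commands.
# RestrictedRemoteServer + NoLanguage leaves only the remoting proxy
# functions plus Invoke-DevBatch; no script blocks, variables or operators.
New-Item -ItemType Directory -Path $ConfigDir -Force | Out-Null
$pssc = Join-Path $ConfigDir "$EndpointName.pssc"
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -LanguageMode NoLanguage `
    -FunctionDefinitions @{ Name = 'Invoke-DevBatch'; ScriptBlock = $runBatch } `
    -VisibleFunctions 'Invoke-DevBatch'

# Step 2: register the endpoint and set who may connect to it.
# -ShowSecurityDescriptorUI opens the permissions dialog: add the developers'
# group there with Execute(Invoke) only.
# -RunAsCredential makes commands run as a dedicated account (assumed to have
# read/execute on the share), so the share is reached from the server as that
# account rather than with the caller's delegated credentials.
Register-PSSessionConfiguration -Name $EndpointName -Path $pssc `
    -RunAsCredential (Get-Credential) -ShowSecurityDescriptorUI -Force

# Developer side (devsrv01 is a hypothetical server name):
#   Invoke-Command -ComputerName devsrv01 -ConfigurationName DevBatchRunner `
#       -ScriptBlock { Invoke-DevBatch -Name build.bat }
```

Developers who are not granted access to the default `Microsoft.PowerShell` endpoint can connect only by naming this configuration.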


Thanks Anna for your helpful reply. I tried and this worked very well. But for this to work I had to enable the CredSSP protocol. This protocol is not allowed as per my firm's security standards. (I had got an exception for the test only.) Is there any other way possible?

In Unix we have PUTTY to allow users to log in to Unix servers with restricted privileges, and a large number of users can log in at the same time. Can we not have something like that for Windows servers?

March 20th, 2015 2:10am

This topic is archived. No further replies will be accepted.
