Powershell Remote AccessDeny on DomainController

Question

Hi,

I have a problem with the WinRM / Powershell Remote connection.

On a member server the system is working as expected on the Domain Controller always

---

Enter-PSSession : Connecting to remote server dc01.ad.qsu.abcdefg.de failed with the following error message :

Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.

At line:1 char:1

• Enter-PSSession dc01.ad.qsu.abcdefg.de -Credential Domain4\admthiel ...

• 
      + CategoryInfo          : InvalidArgument: (dc01.ad.qsu.abcdefg.de:String) [Enter-PSSession], PSRemotingTra 
  
     nsportException 
  
      + FullyQualifiedErrorId : CreateRemoteRunspaceFailed
  
  

---

What I Try to do.

My System is Member of Domain1

My LogIn-User is Member of Domain2

Target-System dc01.ad.qsu.abcdefg.de is Domain-Controller from Domain3

Connection Credentials are from Domain4

Domain3 and Domain4 have a One-WayTrust so that credentials from Domain4 can Logon to Domain3

I Have Created in Domain3 a LocalGroup and added this to Administrators and have added my Domain4 User to it.

a Logon to the Domain-Controller via RDP is working and a whoami /all will show the BUILTIN\Administrators group

the regkey for the LocalAccountTokenFilterPolicy  is set to 1

the funy thing is on a membr server in Domain3 where also the LocalGroup is Member of Administrators the WinRM / Powershell Remote will work.

Answer 1

Hi,

Please run Enable-PSRemoting on the domain controller to configure WinRM automatically. If the issue persists, try manually adding the trusted host on both sides. To add a trusted host in WinRM, you can use the following PowerShell command:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "machineName" -Concatenate