JEA to enable remote user (No Admins) to reboot a system / event id 10016 COM 9CA88EE3-ACB7-47C8-AFC4-AB702511C276

David Scholz 21 Reputation points
2020-08-21T11:44:33.703+00:00

Hi
I've tried to use Powershell JEA to enable a group of normal users to run the cmdlet 'restart-computer', but when the user runs the command we get Event ID 1001 in Eventlog.

The users are allowed to execute the cmdlets 'restart-computer' and 'get-process', and get-process runs just fine! But not the restart-computer.

I've added the AD Group containing the users to the servers local Backup Operators group, but still no success.

Any ideas?! I don't want to add the group to local Administrators group, as this would be a little to much rights for non-admin users, as I've tried to restrict rights with JEA.. ;-)

thx for your support and ideas.

rgds

David

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
4,627 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Rich Matheisen 35,191 Reputation points
    2020-08-21T14:54:47.027+00:00

    Are you running the Restart-Computer locally or remotely? IIRC, the Backup Operators group has the necessary rights to restart the computer locally but only Administrators can do that remotely.

    PowerShell JEA allows/restricts access to cmdlets, parameters, and executables but it doesn't alter the rights needed to perform the work.