Enabling Remote PowerShell Access for Secondary Administrators

If you want to use PowerShell Remoting to run scripts on a remote computer using an account other than the target machine’s built-in administrator account, you will need to do a couple of things:

  1. On the target machine, create another user account and add it to the built-in “Administrators” group
  2. Set the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy (DWORD) value to 1 (you may need to add the LocalAccountTokenFilterPolicy DWORD value if it doesn’t exist). See http://support.microsoft.com/kb/942817/en-us for more details.

Once you have done that, you can use Enter-PSSession or Invoke-Command with the credentials you created to remotely run PowerShell scripts against the target machine.
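The two steps and the connection test, as an added example that is not from the original post. It assumes PowerShell 5.1 or later on the target (for the LocalAccounts cmdlets) and that WinRM is already enabled on the target and trusted by the client; the function names, the account name `svc-remoteadmin` and the computer name `TARGET01` are hypothetical.

```powershell
# Added example. Function, account and computer names are hypothetical.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$valueName = 'LocalAccountTokenFilterPolicy'

# Run in an elevated session ON THE TARGET machine.
function Enable-SecondaryRemotingAdmin {
    param([string]$UserName = 'svc-remoteadmin')

    # Step 1: create the account if missing (password is prompted, never hard-coded)
    # and add it to the built-in Administrators group if it is not already a member.
    if (-not (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue)) {
        $password = Read-Host -Prompt "Password for $UserName" -AsSecureString
        New-LocalUser -Name $UserName -Password $password `
            -Description 'Secondary remoting admin' | Out-Null
    }
    $members = Get-LocalGroupMember -Group 'Administrators' |
        Select-Object -ExpandProperty Name
    if ($members -notcontains "$env:COMPUTERNAME\$UserName") {
        Add-LocalGroupMember -Group 'Administrators' -Member $UserName
    }

    # Step 2: record the previous value, then set the DWORD to 1.
    # The value is machine-wide: it lifts UAC remote token filtering for every
    # local account in Administrators, not only the account created above.
    $before = (Get-ItemProperty -Path $policyKey -Name $valueName `
        -ErrorAction SilentlyContinue).$valueName
    New-ItemProperty -Path $policyKey -Name $valueName -PropertyType DWord `
        -Value 1 -Force | Out-Null
    [pscustomobject]@{
        User          = $UserName
        PreviousValue = if ($null -eq $before) { '<not set>' } else { $before }
        CurrentValue  = (Get-ItemProperty -Path $policyKey -Name $valueName).$valueName
    }
}

# Run ON THE ADMIN WORKSTATION to confirm the new account can remote in.
function Test-SecondaryRemotingAdmin {
    param([string]$ComputerName = 'TARGET01', [string]$UserName = 'svc-remoteadmin')

    $cred = Get-Credential -UserName "$ComputerName\$UserName" `
        -Message 'Secondary admin credentials'
    Invoke-Command -ComputerName $ComputerName -Credential $cred -ScriptBlock {
        # Report who the session runs as and whether the token is a full admin token.
        $id = [Security.Principal.WindowsIdentity]::GetCurrent()
        $isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
            [Security.Principal.WindowsBuiltInRole]::Administrator)
        [pscustomobject]@{ User = $id.Name; FullAdminToken = $isAdmin }
    }
}
```

`Enable-SecondaryRemotingAdmin` returns the previous registry value so the change can be logged and reverted later.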

And yes, this applies to remoting into Azure Virtual Machines as well. Just be aware that for Azure VMs you will need to import the certificate for the remote VM before you can successfully authenticate.

For more info, check out Michael Washam’s “Introduction to Remote PowerShell with Windows Azure” and Jennelle Crother’s “The Imperfect Lab: Letting Additional Administrators Remotely Connect to Servers”.
