none
WSMAN Remote Shells and privileges RRS feed

  • Question

  • Hello,

    I am using WSMAN to remotely execute DCDiag.exe on domain controllers.  I'm creating a remote shell with WINRS_NOPROFILE set to FALSE.  I'm connecting from Linux, sending encrypted HTTP messages over winrm, using an enterprise level administrator user.  This works fine for a small domain, but larger domains with several zones show Access is Denied (5) errors during the /KnowsOfRoleHolders test.  If dcdiag is run directly on the domain controller with the same user, the test does not fail.

    So, what I need to know is this:  Is it possible to make the remote shell truly run with elevated privileges?

    Thanks

    Dave

    Thursday, May 21, 2015 7:27 PM

Answers

All replies

  • Hello rocklobster72

    Thank you for contacting Microsoft Support. A support engineer will contact you shortly to assist further.

    Regards.


    Tarun Chopra | Escalation Engineer | Open Specifications Support Team

    Thursday, May 21, 2015 7:50 PM
  • Hi,

    Can send a message to my attention at dochelp ( at ) Microsoft (dot) com?

    Please mention this thread in your message.

    Thank you,

    Edgar

    Friday, May 22, 2015 3:38 PM
    Moderator
  • Hi,

    I haven’t heard from you since my previous message. This appears a permission issue, which could be many things, e.g. the service’s account, or what privileges are granted, delegation, etc. With several domains and zones, trust relationships are at play as well.

    The Platforms team is experienced in configuration and privileges required on Windows to run various operations. Please post your question at the following forum to request assistance.   

    https://social.technet.microsoft.com/Forums/windowsserver/en-us/home?category=windowsserver

    Thanks,

    Edgar
    Monday, June 1, 2015 10:00 PM
    Moderator
  • Hi Edgar, 

    I was away on holiday.  Thank you for your assistance.  I will ask the platforms team.

    dave

    Thursday, June 4, 2015 3:56 PM