Search code examples
powershellpowershell-remoting

New-PSSession fails remotely, works locally

Remote PC: Windows 10 Client My PC: Windows 10 Client

On the remote PC:

  • I can open the PSSession by running the PowerShell as an administrator and using the command
New-PSSession -EnableNetworkAccess
  • if I don't add the -EnableNetworkAccess parameter, it does not work, always giving "Access is denied" error

When I try to connect from my PC to the remote PC, I always get the "New-PSSession : [localhost] Connecting to remote server localhost failed with the following error message : Access is denied." error.

  • the remote PC is in the trustedHosts list (both as a name and as an IP)
  • my PC is in the trustedHosts list on the remote PC (both as a name and as an IP)
  • the current user on my PC is the same as the Administrator on the Remote PC with which I successfully accesses the New-Session locally on the Remote-PC
  • ran Enable-PSRemote on both PCs
  • turned Firewalls on both PC's off completely
  • tried running the following commads (from elevated and non-elevated PS):
    New-PSSession -RemoteComputer <remoteComputerName>   
    New-PSSession -RemoteComputer <remoteComputerName> -EnableNetworkAccess
    New-PSSession -RemoteComputer <remoteComputerIP>
    New-PSSession -RemoteComputer <remoteComputerIP> -EnableNetworkAccess
    $cred=Get-Credential
    New-PSSession -RemoteComputer <remoteComputerIP> -EnableNetworkAccess -Credential $cred
  • winrs works well between the same two PCs, for example:
    winrs -r:<IP> -u:<userName> -p:<password> cmd.exe
  • read all the documentation on the following links:

https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/running-remote-commands?view=powershell-7.2 https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_requirements?view=powershell-7.2 https://learn.microsoft.com/en-

But maybe I am missing something very basic here. Does the remote PC need to be a Windows Server perhaps?

Solution

  • This answer solved my issue.

    On all systems to which I want to remote-in (remote and localhost) the following command needs to be executed:

    Set-ItemProperty -Name LocalAccountTokenFilterPolicy -Value 1 -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System