Windows 10: Windows Security change affecting PowerShell

Discus and support Windows Security change affecting PowerShell in Windows 10 News to solve the problem; The recent (1/8/2019) Windows security patch CVE-2019-0543, has introduced a breaking change for a PowerShell remoting scenario. It is a narrowly... Discussion in 'Windows 10 News' started by Brink, Jan 11, 2019.

  1. Brink Win User

    Windows Security change affecting PowerShell


    The above example fails only when using non-Administrator credentials, and the connection is made back to the same machine (localhost). Administrator credentials still work. And the above scenario will work when remoting off-box to another machine.

    Example of working loopback scenario

    Code: # Create Admin credential PS > $adminCred = Get-Credential ~\AdminUser # Create a loopback remote session to custom endpoint using Admin credential PS > $session = New-PSSession -ComputerName localhost -ConfigurationName MyNonAdmin -Credential $adminCred PS > $session Id Name ComputerName ComputerType State ConfigurationName Availability -- ---- ------------ ------------ ----- ----------------- ------------ 1 WinRM1 localhost RemoteMachine Opened MyNonAdmin Available[/quote]
    The above example uses Administrator credentials to the same MyNonAdmin custom endpoint, and the connection is made back to the same machine (localhost). The session is created successfully using Administrator credentials.

    The breaking change is not in PowerShell but in a system security fix that restricts process creation between Windows sessions. This fix is preventing WinRM (which PowerShell uses as a remoting transport and host) from successfully creating the remote session host, for this particular scenario. There are no plans to update WinRM.

    This affects Windows PowerShell and PowerShell Core 6 (PSCore6) WinRM based remoting.

    This does not affect SSH remoting with PSCore6.

    This does not affect JEA (Just Enough Administration) sessions.

    A workaround for a loopback connection is to always use Administrator credentials.

    Another option is to use PSCore6 with SSH remoting.

    Paul Higinbotham
    Senior Software Engineer
    PowerShell Team

    [/quote]
    Source: Windows Security change affecting PowerShell | PowerShell Team Blog

    :)
     
    Brink, Jan 11, 2019
    #1
  2. Kursah Win User

    PowerShell instead of Commandline in Creators Update

    Interestingly enough my personal laptop just got the update...and still has Command Prompt listed, not PowerShell...

    Edit: Not that it matters...I use both regularly. *Toast :toast:
     
    Kursah, Jan 11, 2019
    #2
  3. Gino Des Win User
    Windows powershell randomly popping up.

    Hi Fabian,

    Scheduled tasks that use Powershell can cause the Powershell window to appear periodically on your computer. We suggest that you check the Task Scheduler.

    • Click on Start.
    • In the search bar, type Task Scheduler and click on
      Task Scheduler
      in the results.
    • Under Active Tasks, check for any tasks that use Powershell and the scheduled time.

    Malware can also cause this issue. We suggest that you use Windows Defender or a third-party security software to scan your system.

    Keep us updated with the results.
     
    Gino Des, Jan 11, 2019
    #3
  4. Windows Security change affecting PowerShell

    Administrator security settings keep changing

    Hi Anthony,

    Thank you for posting the query on Microsoft Community.

    I do appreciate your efforts and time.

    What error message do you get when you try to save and sync files?

    I suggest you to try the steps below and check if it helps.

    • Open command prompt and type the commands below (Type it in Search or Press Windows Logo Key+X. Click on Command Prompt admin).
    dism /online /cleanup-image /restorehealth

    sfc /scannow

    powershell

    Get-AppXPackage -AllUsers |Where-Object {$_.InstallLocation -like "*SystemApps*"} | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

    • Close the Command Prompt window.
    Try these steps as well.

    • Open the properties of the main user profile folder where the files are located (such as Documents, Pictures, etc).
    • Go to the Security tab and click Advanced.
    • Check the box at the bottom of this window. It is labeled "Replace all child object permissions with inheritable permissions from this object" and then click Ok.
    Hope this helps in resolving the issue. If the issue persists, do get back to us. We will be happy to assist you.
     
    Kalpana Shankarappa, Jan 11, 2019
    #4
Thema:

Windows Security change affecting PowerShell

Loading...
  1. Windows Security change affecting PowerShell - Similar Threads - Security change affecting

  2. Changing pc components affect windows activation?

    in Windows 10 Installation and Upgrade
    Changing pc components affect windows activation?: Im going to swap components from 2 of my computers.Almost everything the cpu ram mobo and gpu,but not the hardrive.Both of my pcs have activated windows on them so if i swap the components between them will remove my activation?or is there anything i need to do....
  3. security change

    in Windows 10 Customization
    security change: I put in a request for a security change and I want to cancel it but the telephone number for you to send me a code is presently out of service but I have a new York number but I can't get you to access it. Help...
  4. Affect of changing Microsoft account password

    in AntiVirus, Firewalls and System Security
    Affect of changing Microsoft account password: does changing my Microsoft account password change the password for me to log into my computer in Windows 10 https://answers.microsoft.com/en-us/windows/forum/windows_10-security/affect-of-changing-microsoft-account-password/d3037196-2d70-4cf7-a5be-44a629c7a206"
  5. Could Changing Display Resolution Affect Files?

    in Windows 10 Customization
    Could Changing Display Resolution Affect Files?: Hi, If I went from the highest (recommended) display resolution to a lower one, and changed it back to the highest resolution, will my videos and images look exactly like they did before? When I go to a lower display resolution, are videos and images still at their...
  6. Infineon TPM Security Vulnerablity - Is my TPM affected by this?

    in AntiVirus, Firewalls and System Security
    Infineon TPM Security Vulnerablity - Is my TPM affected by this?: Judging from the attached image of my TPM manufacturer information by going into the TPM.msc properties, is my TPM affected by the Infineon TPM chip security vulnerability? TPMupdate - Infineon Technologies ROCA: Infineon TPM and Secure Element RSA Vulnerability Guidance...
  7. Windows 10 Powershell Invoke-WebRequest “Windows Security Warning ”

    in Windows 10 Software and Apps
    Windows 10 Powershell Invoke-WebRequest “Windows Security Warning ”: Alright this is one big problem in my opinion that Microsoft needs to address immediately. Steps to reproduce this: powershell> Invoke-WebRequest "anywebsitewithcookies.com" (Let's do microsoft.com for example) What happens is that you get the following warning: [img]...
  8. Change PowerShell To Command Prompt

    in Windows 10 Support
    Change PowerShell To Command Prompt: How do you change from PowerShell to Command Prompt using file explorer ? 104838
  9. Powershell GUI Change

    in Windows 10 Support
    Powershell GUI Change: Hi everyone! I recently notice that my powershell change his skin and i don't why. I try to run sfc command but nothing has been found. try to uncheck powershell 2.0 from turn windows features off or on but no luck. The powershell work perfect on cmd terminal but not for...
  10. All windows affected by Security Flaw

    in Windows 10 News
    All windows affected by Security Flaw: All versions of Windows affected by critical security flaw | ZDNet 26337