Windows 10: Windows Security change affecting PowerShell

The above example fails only when using non-Administrator credentials, and the connection is made back to the same machine (localhost). Administrator credentials still work. And the above scenario will work when remoting off-box to another machine.

Example of working loopback scenario

Code: # Create Admin credential PS > $adminCred = Get-Credential ~\AdminUser # Create a loopback remote session to custom endpoint using Admin credential PS > $session = New-PSSession -ComputerName localhost -ConfigurationName MyNonAdmin -Credential $adminCred PS > $session Id Name ComputerName ComputerType State ConfigurationName Availability -- ---- ------------ ------------ ----- ----------------- ------------ 1 WinRM1 localhost RemoteMachine Opened MyNonAdmin Available[/quote]
The above example uses Administrator credentials to the same MyNonAdmin custom endpoint, and the connection is made back to the same machine (localhost). The session is created successfully using Administrator credentials.

The breaking change is not in PowerShell but in a system security fix that restricts process creation between Windows sessions. This fix is preventing WinRM (which PowerShell uses as a remoting transport and host) from successfully creating the remote session host, for this particular scenario. There are no plans to update WinRM.

This affects Windows PowerShell and PowerShell Core 6 (PSCore6) WinRM based remoting.

This does not affect SSH remoting with PSCore6.

This does not affect JEA (Just Enough Administration) sessions.

A workaround for a loopback connection is to always use Administrator credentials.

Another option is to use PSCore6 with SSH remoting.

Paul Higinbotham
Senior Software Engineer
PowerShell Team

[/quote]
Source: Windows Security change affecting PowerShell | PowerShell Team Blog

:)

 

PowerShell instead of Commandline in Creators Update

Interestingly enough my personal laptop just got the update...and still has Command Prompt listed, not PowerShell...

Edit: Not that it matters...I use both regularly. *Toast :toast:

 

Windows powershell randomly popping up.

Hi Fabian,

Scheduled tasks that use Powershell can cause the Powershell window to appear periodically on your computer. We suggest that you check the Task Scheduler.

• Click on Start.
• In the search bar, type Task Scheduler and click on
  Task Scheduler in the results.
• Under Active Tasks, check for any tasks that use Powershell and the scheduled time.

Malware can also cause this issue. We suggest that you use Windows Defender or a third-party security software to scan your system.

Keep us updated with the results.

 

Administrator security settings keep changing

Hi Anthony,

Thank you for posting the query on Microsoft Community.

I do appreciate your efforts and time.

What error message do you get when you try to save and sync files?

I suggest you to try the steps below and check if it helps.

• Open command prompt and type the commands below (Type it in Search or Press Windows Logo Key+X. Click on Command Prompt admin).

dism /online /cleanup-image /restorehealth

sfc /scannow

powershell

Get-AppXPackage -AllUsers |Where-Object {$_.InstallLocation -like "*SystemApps*"} | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

• Close the Command Prompt window.

Try these steps as well.

• Open the properties of the main user profile folder where the files are located (such as Documents, Pictures, etc).
  
• Go to the Security tab and click Advanced.
• Check the box at the bottom of this window. It is labeled "Replace all child object permissions with inheritable permissions from this object" and then click Ok.
  

Hope this helps in resolving the issue. If the issue persists, do get back to us. We will be happy to assist you.