Insert Remote PowerShell Commands

Privilege Management for Windows provides an additional level of granularity for management of remote PowerShell cmdlets to ensure that you can execute these commands without needing local administrator privileges on the target computer.

Get-service -Name *time* | restart-Service –PassThru

Privilege Management for Windows allows you to target specific command strings and assign privileges to the command without granting local admin rights to the user. Commands can also be blocked if they are not authorized or allowed. All remote PowerShell commands are fully audited for visibility.

In order to allow standard users to connect to a remote computer via Windows Remote Management, or WinRM (a privilege normally reserved for local administrator accounts), it is necessary to enable the General Rule Enable Windows Remote Management Connections. This rule grants standard users who match the Privilege Management for Windows Workstyle the ability to connect via WinRM, and can be targeted to specific users, groups of users, or computers using Workstyle filters.

  1. Select the Application Group you want to add the PowerShell command to.
  2. In the right pane, select Actions > Add Application > Remote PowerShell Command.
  3. We recommend that you add a Description so that you can identify the Remote PowerShell Command in the Application Group table. The Description is not used as matching criteria for the application definition. Alternatively, you can select Browse Cmdlets. This lists the PowerShell cmdlets for the version of PowerShell that you have installed. If the cmdlet you want to use is not listed because the target version of PowerShell is different, you can manually enter it.
  4. You need to configure the matching criteria for the Remote PowerShell command. You can configure:

    Command Line matches: PowerShell removes double quotes from the Command Line before it is sent to the target. Command Line definitions that include double quotes are not matched by Privilege Management for Windows for remote PowerShell commands.

  5. Click OK. The application is added to the Application Group.

If you want to manage Remote PowerShell scripts instead of a single cmdlet, see Insert Remote PowerShell Scripts.

Messages

Privilege Management for Windows end user messaging includes limited support for remote PowerShell sessions; block messages can be assigned to Workstyle rules which block remote PowerShell scripts and commands. If a block message is assigned to a Workstyle which blocks a script or command, then the body message text of an assigned message is displayed in the remote console session as an error.

For more information, please see Application Definitions.