The default WinRM ACL (at least on 2012R2- only thing I have booted to look at right now) only includes the local Administrators group (and INTERACTIVE, but not in a usable way). If you do a
winrm configSDDL default on the host in question, you can add any user you want to that ACL (they only need Read and Execute to get logged in via WinRM). I usually just add the local "Remote Management Users" group, then add users to that (not sure why it's not already included, since that was arguably its purpose). You can set this ACL in an automated fashion as well if you're good with SDDL. On Monday, June 6, 2016 at 12:16:17 PM UTC-7, [email protected] wrote: > > Hello, > Just to share my tests, I face exactly the same issues with the same > configuration (same user on a windows box can run remote Powershell > commands even when not in administrators group). > I tried with local user and basic auth and domain user with Kerberos. As > soon as the user is member of the local Administrators group he can run > remote shell commands, if not (I even created a dedicated groupe > POSH-RemoteUsers in the domain and provided it with appropriate rights) I > get the "winrm.exceptions.WinRMTransportError: 500 WinRMTransport. Bad HTTP > response returned from server. Code 500" error. > > Will try to debug a bit further but with little hope. > > Patrick > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5c9eea5e-7e7e-49ac-8dce-289a9b72b9ad%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
