I've been troubleshooting a weird issue with my desktop where I can't enter a PowerShell session or use Invoke-Command on a handful of computers in my network, getting "Access is Denied" errors. I ran Test-WSMan from my workstation, and that worked fine, so I ruled out some basic connectivity issues. My laptop, which has the same VPN, firewall, and AV setup, can connect just fine right next to me, so that rules out those potential problems. I even switched my desktop from ethernet to wifi thinking maybe my IP was blocked, but no luck. I've disabled every feature I could in Defender for Business, yet it still won't work. I daily connect to hundreds of computers to execute PowerShell tasks, and recently I've noticed only a few (around 8) won't connect. Any advice on what else I could check? All computers are on a Windows 11 on-prem Active Directory setup, and I'm running the commands from an elevated PowerShell window.
5 Answers
Have a look at the event logs on the target computers to see if there’s any indication of failed login attempts. Running commands like Get-WMIObject or Get-CimInstance might help diagnose if the issue lies deeper within permissions or network settings.
Sometimes, the issue can arise from network configurations. A misconfigured subnet mask can lead to unexpected permission issues, so make sure nothing on that front has changed recently.
Make sure your user account has the proper rights on the remote machines. Check if you're listed in the local administrators group, and if needed, try running Enter-PSSession with your credentials explicitly specified. Also, verify that the WinRM service is running on those endpoints.
I confirmed that my admin account is already in the local admin group, and I've specified rights access, but still no success. WinRM is okay too since my laptop connects just fine.
You might want to check the connection directly using Test-NetConnection with port 5985 to determine if a firewall is blocking it. That could be affecting your access to the remote systems directly.
I tried that test earlier and it succeeded, which makes me think it's not a firewall issue at play.
Don't forget to check port 5986 for HTTPS as well—just to cover all bases!
It might be worth confirming that PowerShell remoting is enabled via GPO. Running a gpupdate/force and checking with gpresult on the clients throwing the access denied error could shed some light on any policy issues.
Good point! I've noticed some errors in the logs recently, so that might be worth investigating further.