Powershell Remote: Microsoft.Update.Session, Access Denied: 0x80070005

by

When you are in a remote PowerShell session your logon session on this remote computer is flagged as a “network” logon (Logon Type: 3).
For some obscure (security? sell SCCM?) reason, part of the Windows Update Agent COM APIs are restricted to only be usable by locally logged on Administrators.

Using PsExec and Scheduled Tasks have been suggested as workarounds.

IMO, the most seamless (and still secureable) solution is to facilitate the RunAs-style “Local Virtual Account” feature of PowerShell Session Configurations / JEA.
Usually, JEA is used to “restrict” what a user can do on a remote computer PowerShell-wise, but we are (ab-)using it here to gain full access as if we were a locally logged on Administrator.

(1.) Create a new unrestricted (and persistent!) session configuration on ComputerB (remote server):

New-PSSessionConfigurationFile -RunAsVirtualAccount -Path .\VirtualAccount.pssc
# Note this will restart the WinRM service:
Register-PSSessionConfiguration -Name 'VirtualAccount' [-ShowSecurityDescriptorUI] -Path .\VirtualAccount.pssc -Force
# Check the Permission property:
Get-PSSessionConfiguration -Name 'VirtualAccount'
# Those users will have full unrestricted access to the system!

(2.) From ComputerA (local client) connect to our unrestricted session configuration on ComputerB:

New-PSSession -ComputerName 'ComputerB' -ConfigurationName 'VirtualAccount' | Enter-PSSession
[ComputerB]: new-object -com "Microsoft.Update.Downloader" # Yay!

More Related Contents:

  1. How to call a complex COM method from PowerShell?
  2. Where can I find all of the COM objects that can be created in Powershell?
  3. Generate manifest files for registration-free COM
  4. How to put the WebBrowser control into IE9 into standards?
  5. Windows 64-bit registry v.s. 32-bit registry
  6. How do you register a Win32 COM DLL file in WiX 3?
  7. Can’t get all excel processes to stop when closing through Powershell
  8. Find local copy of files in snapshot view
  9. Use Office Interop on ASP.net MVC6 website
  10. What does “Method ‘~’ of object ‘~’ failed” at runtime mean?
  11. Excel 2007 automation on top of a Windows Server 2008 x64
  12. TFS Build server and COM references – does this work?
  13. Function return value in PowerShell
  14. how do I loop through a line from a csv file in powershell
  15. Access PSObject property indirectly with variable
  16. Custom RoboCopy Progress Bar in PowerShell
  17. Executing an EXE file using a PowerShell script
  18. How to repair COMException error 80040154?
  19. Silent run installer (.exe) with parameters on Windows
  20. How to replace “single quote” to “double single quote” in XSLT
  21. Redirect Write-Host statements to a file
  22. Powershell ConvertTo-json with embedded hashtable
  23. VS code terminal can’t find AWS SAM even though windows terminal can
  24. Script has two variables when done, but when I pipe to SELECT-object only first one returns data to console
  25. Message “the term ‘ng’ is not recognized as the name of a cmdlet”
  26. Why do integers in PowerShell compare by digits?
  27. How can I find the source path of an executing script? [duplicate]
  28. Start-process raises an error when providing Credentials – possible bug
  29. What are the differences between using the New keyword and calling CreateObject in Excel VBA?
  30. Why is “

Leave a Comment