Configuring PowerShell Remote Access

You can run PowerShell commands on remote computers and have the agent handle the authentication and privilege elevation for you. In order to run remote PowerShell commands, the following requirements apply:

  • The target computer needs to have the Centrify Agent for Windows installed with the Centrify Privilege Elevation Service enabled.
  • Assign the user to a role with the "PowerShell remote access is allowed" system right granted.

  • If you're using the Centrify Audit & Monitoring Service, when a user attempts to run PowerShell remotely on a computer, the system triggers an audit trail event. Centrify Audit & Monitoring Service is an optional service.
  • To assign PowerShell remote access to a user:

    1. In the Centrify Access Manager console, open the zone that the Windows system to be managed belongs to (Centrify Access Manager is not necessary installed on the machine with the Windows agent).

    2. Under Role Definitions, right-click a role that you'd like to assign PowerShell remote access permission to and select Properties.

    3. Under System Rights > Windows rights, select PowerShell remote access is allowed.
    4. Right-click Role >Assignment and select Assign Role.

    5. Select the role as defined above and assign the Windows account to it.