Saturday, September 19, 2009

Using a PS Session without having Administrative Permissions

One of the great features of PowerShell V2 is the remote session support. But in the default configuration only local administrators can create a remote session. This is what a normal user sees -

image

This is how you delegate the feature to other users – the easy way.

First, create a local group and insert the user(s)

net localgroup "PowerShell Session Users" /add
net localgroup "PowerShell Session Users" the-user /add





Second, execute this command to bring up the permissions GUI




Set-PSSessionConfiguration microsoft.powershell -ShowSecurityDescriptorUI





add the group and grant execute (invoke) permissions -



image









Note that you have to restart the service -



image



And finally, try it out.



image



Let me draw your attention to two things in the picture above. First, the remote command is executed by a wsmprovhost process and second, extra properties are returned even though only the processname was selected. The extra properties are useful if you execute command on multiple sessions. In this way, you can recognize the returned objects.

Friday, September 11, 2009

Interesting post on Early Media and Windows 2008 Firewall

Jeff Nye posted an interesting gotcha with the Windows 2008 Firewall blocking Early Media. Find his elaborate version of the problem/solution here and the original post in French here.

Tuesday, September 08, 2009

Getting Communicator Mobile 2007 R2 running on Nokia S40/S60 devices

 
As the current documentation for the Office Communicator Mobile 2007 R2 client for Java (used by Nokia S40 and S60 devices, among others) is a bit sparse in regards to client setup, I thought I would share this with you.
 


As you are probably aware, CoMo R2 for Java utilizes components from the Communicator Web Access server, but the thing you need to be aware of is this:


The Server Address (URL) that you enter when configuring the client on your mobile device has to point to the Communicator Web Access URL, not the Access Edge (typically sip.domain...)
 



Thus, if you need to support Java clients using CoMo R2, you need your CWA published externally through a reverse proxy (ISA/TMG recommended) - and those clients need to input a different URL than the Windows Mobile CoMo R2 clients (which use the Access Edge URL).
 


Hopefully, this will be spelled out in more detail in the documentation in a future revision.