PowerShell

The PowerShell forum accepts bug reports as well as feedback and suggestions. For more information, check out the PowerShell Homepage

The following is a list of the states we use to track items.

status meaning
survey We saw this and we are considering it. Please upvote if it’s important to you.
needs more information We don’t understand the issue and need additional details.
investigating We are looking at this internally to understand things like: scenario, reproduction of issue, costing, or other technical details.
in queue The issue is understood and in our unprioritized backlog. Your votes will be used to drive prioritization of this work.
  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Please enable port forwarding within PowerShell

    The very cool features on linux is about the port forwarding when we ssh to a remote server.
    I hope PowserShell come with these cool things.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  2. SeServiceLogonRight is not getting cleaned up after exiting JEA session

    I have an issue with Just Enough Administration and Windows 2012 R2, where when I have the 'Run As Virtual account' set to true, it does not clean up after itself. The temporary virtual account is left in 'Logon as a service'. this can be viewed from the local security policy.

    https://github.com/PowerShell/PowerShell/issues/5296

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  3. WinRM

    Possible Bug WFM 5.1 with WinRM via Command line. (Can provide Screenshots of issue)

    When trying to authenticate to WinRM via command line receive the following error using password with ^ as a special character.

    Example Command:

    winrm id -r:https://servname:5986 -a:Kerberos -u:serviceaccount@localdomain.local -p:gt^qB%CxkaSQ -encoding:utf-8

    Error:
    WSManFault

    Message = The user name or password is incorrect.
    

    Error number: -2147023570 0x8007052E

    When change ^ to ! receive the following output:

    C:\Users\shawns>winrm id -r:https://servername:5986 -a
    :Kerberos -u:serviceaccount@localdomain.local -p:gt!qB%CxkaSQ -encoding:ut
    f-8
    IdentifyResponse

    ProtocolVersion = <a rel="nofollow noreferrer" href="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd">http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd</a>
    
    ProductVendor = Microsoft Corporation
    ProductVersion = OS: 6.3.9600 SP: 0.0 Stack: 3.0
    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  4. WMF 5.1 RestrictedRemoteServer session type fails to import the 'Microsoft.PowerShell.Utility' module

    When importing this module in a restricted session type or when making a function or a cmdlet from this module visible, i.e:
    VisibleFunctions = 'Get-FileHash'
    the following message is returned:
    WARNING: The 'Microsoft.PowerShell.Utility' module was not imported because the 'Microsoft.PowerShell.Utility' snap-in was already imported.
    In practice, the module is not being imported.
    Get-PSSnapin shows that a snapin with the same name is indeed loaded:
    Name : Microsoft.PowerShell.Utility
    PSVersion : 5.1.14409.1005
    Description : This Windows PowerShell snap-in contains utility
    cmdlets that are used to view and organize data in different ways.
    but exposes no commands
    Get-PSSnapin from a regular (not remote)…

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →

    This report is a bit confusing, so need some information.
    On the system where you received this error, please try running any of the commands from Microsoft.PowerShell.Utility, such as get-member, or get-date. The error message and the information you provided seems to indicate that the module is already loaded, so we are looking for other indications that it is not.

  5. Enable WINRM certificate mapping for domain user

    Currently I need to manage Windows DNS server. I would like to use a client certificate to connect to WinRM to manage it, since I want to expose it in RESTful interface. But WINRM certificate mapping only allows non-domain account.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  6. JEA is difficult for delegates to use without tab completion

    By default tab completion is disabled in JEA endpoints- and there is no guidance on how (or if) it can be enabled safely.
    Without tab completion it is
    1. Harder to discover available commands (no Get-<tab>)
    2. Harder to execute available commands with correct parameter name spelling etc.
    3. Harder to populate correct values (e.g., no help with ValidateSet scenarios)
    This all works against the applicability of JEA for delegation scenarios where a less expert sub-admin has to blindly type out a potentially complex and unfamiliar command.
    Please make some basic level of tab completion work by default, and please…

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    In Queue  ·  4 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  7. Get-PSSessionCapability returns capabilities even when the speficied user doesn't have permissions to connect to the session

    The documentation on Get-PSSessionCapability states it returns information (capabilities) on the session configuration the specified username has on it, but it also returns it for a SessionConfiguration (created with a pssc file) when it wasn't created with a RoleDefinition, no matter if the specified user can or cannot access it.
    I would expect it not to return any information for that SessionConfiguration, or have a property that indicates the specified doesn't have the required permissions (invoke / fullcontrol).

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  1 comment  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  8. Server 2012R2 winrm https listener autocertificate reneval

    If you enable an https listener on a server and use it with an autoenrolled certificate, the listener will not be updated when the new autoenrollment takes place as the thumbprint will be hardcoded to the listener. This makes the technologie to use an https listener on all your servers to a big administrative burden as you have to keep the listeners up-to-date. Please develop some solution that this certificate will stay up-to-date with each new autoenrollment (like with a scheduled task which starts after autoenrollment scheduled task)

    Thanks

    Max

    37 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  9. WinRM should register it's proper SPN

    The WinRM service should register the HTTP/computername:5985 and HTTP/computername.fqdn:5985 (or configured port) SPNs so that clients can locate the proper Kerberos principal to authenticate against. Currently anything that uses Kerberos over http:80 can claim its valid SPN and break Kerberos authentication for WinRM.

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  10. Get-WSManCredssp should return an object

    Microsoft.WSMan.Management\Get-WSManCredssp currently returns a string describing the WSMan state instead of an object with properties that can be used programmatically. Perhaps something like:

    ClientEnabled: $true
    ServerEnabled: $false
    DelegateComputer: [ "wsman/*.contoso.com" ]

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  11. WMF/WinRM 5.1 System File version issues after installing KB4103724

    My operating system environment is W8.1/WS12R2 with Windows Mangagement Framework 5.1 installed

    After installing KB4103724 (May, 2018 Preview of monthly Rollup for NT6.3), I found that some of the files in WMF/WINRM 5.1 were changed, and those changes were not listed on the update history.

    Let me say a few questions about this change:

    1: Generally speaking, the monthly Summary preview update is used to resolve performance and reliability issues, but this update history does not list the changes in WMF/WINRM 5.1. The affected file in WMF/WINRM 5.1 is listed only in file information for update 4103724.

    2: I noticed…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  12. 1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  13. Possible Bug: Mapping persistent drives with New-PSDrive using WINRM sessions

    I am trying to map persistent drives using New-PSDrive on a remote winrm session, but when I opened a new session the mapping driver got the status of "Unavailable". I am using CREDSSP

    Session A creating the mapping

    $credentials = Get-Credential user
    $session = New-PSSession -ComputerName Server1 -Credential $credentials -Authentication CredSSP
    $computername = "Server2"
    Invoke-Command -Session $session -ScriptBlock {

    param($computername)
    New-PSDrive -PSProvider FileSystem -Name "X" -Root "\$computername\scripts" -Persist -Verbose -Scope Global
    } -ArgumentList $computername

    Session B checking the mapping

    $credentials = Get-Credential user
    $session = New-PSSession -ComputerName Server1 -Credential $credentials -Authentication CredSSP
    $computername = "Server2"

    Invoke-Command -Session $session -ScriptBlock { …

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  14. Register-PSSessionConfiguration -WarningAction SilentlyContinue does not suppress warning text

    When creating a JEA endpoint with the following command:

    Register-PSSessionConfiguration -WarningAction SilentlyContinue ...

    The warning about restarting the WinRM service is still displayed. The expected action is for the SilentlyContinue argument to suppress any warnings. This occurs every time.

    The workaround here is to use the -NoServiceRestart switch and then restart the WinRM service manually.

    Behavior is observed on Server 2016 with PSVersion 5.1.14393.0.

    Thanks,

    J.
    

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  15. PowerShell: Unable to reconnect disconnected PSSession when PSRemotingProtocolVersion does not match

    From a win7 or win10 workstation running PS5 I can create a PSRemoting session (new-pssession) to a server running PS4. But if that session should become disconnected, I'm unable to reconnect (or receive) the session, receiving, instead the following error:
    Receive-PSSession : Connecting to remote server hsfsrpw001 failed with the following error message : The server that is running
    Windows PowerShell does not support connect operations on the protocolversion 2.3 that is negotiated by the client computer. Make
    sure the client computer is compatible with the build 6.3.9600.17400 and the protocol version 2.2 of Windows PowerShell. For more
    information, see…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add A "Start In" Directory for Enter-PSSession

    By default, we are placed into Documents (at least I am), then have to change directories. It would be nice to be able to specify a directory we'd like to start in using Enter-PSSession.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  1 comment  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  17. Block WinRM operations during servicing

    The WinRM service starts normally and accepts requests during component servicing operations (eg, "Working on Updates", "Working on Features" screens after a post-update/feature-change reboot). This causes problems for configuration management in cases where the servicing process triggers further reboots, especially since there doesn't appear to be a documented way to determine that servicing is underway. WinRM should either wait to accept requests until servicing is complete, or a way for third-party tools to determine that servicing is underway from Powershell should be documented.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  3 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  18. Remote Invoke-Command Powershell Stop-WebAppPool No Longer Working After Powershell 5 Upgrade

    The full details of the issue are already documented on Server Fault here: http://serverfault.com/questions/806794/remote-invoke-command-powershell-stop-webapppool-no-longer-working-after-powersh

    The gist of it is that we have Server A which was on WMF 4 / PowerShell 4 and was able to issue Invoke-Command calls to Server B which was on WMF 2 / PowerShell 2. In particular, a call to Stop-WebAppPool. After upgrading Server A to WMF 5, the call to Stop-WebAppPool no longer works. However, issuing this command to other Servers on WMF 4/5 seems to work.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  19. Jea logon fails if the calling account isn't an administrator on the endpoint

    jea cannot be used if the calling user isn't an administrator

    I have an issue similar to this but slightly different.

    https://windowsserver.uservoice.com/forums/301869-powershell/suggestions/13788477-jea-can-not-be-used-with-local-account-if-runasvir

    I have JEA configured and set up. When I connect to the endpoint with an account that is an administrator where the endpoint is located it works fine. My commands are limited to what I set in my profile etc.

    When I try to connect as a non-privileged user that is in the correct group to use the endpoint it fails with "the username or password is incorrect". If I add that SAME account to the local administrator's…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  20. WinRM "concurrent operations" increase to eventual failure

    Concurrent operations on an open shell always increase (eg, for each command run) even when the Terminate signal message is sent and (apparently) properly processed after each command. This eventually causes the MaxConcurrentOperationsPerUser quota to be hit, requiring a new shell to be created.

    A simple reproduction using pywinrm is available at: https://github.com/diyan/pywinrm/issues/124. I'm guessing there's just something wrong with the way the Terminate signal is being sent by pywinrm, but the server appears to be happy with it.

    To run the repro, ensure python and pip are available, create a file with the repro code (and adjust the…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    investigating  ·  0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base