• I don’t really have such a specific problem tbh, but I’m certain there are use cases for extending the user context to the JEA session for many purposes as per the whole JEA philosophy.

    I checked the event logs and yes you can see which users log in, but not from which ip address. The only place where I found this information (and yes I needed to dig a while) was using the get-wsmaninstance cmdlet. It’s not visible in e.g. get-pssession. In my opinion having to dig so deeply for this information is kinda stupid.

  • I can think of use cases where you want the elevated process to handle user e.g created files, and without modifying filesystem rights or providing a shared instead of private folder the only sane place to have the user place them is the profile folder. Also you might want to provide the elevated process with username information in other contexts (say i want to rights (to the filesystem, dcom or anything?) to the connecting user for instance?).

    It’s not as if it’s a new problem per se that administrative processes run in a different user context, just something that I think should be a lot more easily solved in PS remoting as compared to some other remote management solutions and also without compromising security and this would provide the system with a lot more flexibility.

    I guess many things can be logged and anything can be scripted, logging the connecting ip address is just something I’d expect to be built in since it’s kind of basic stuff and all of this is supposed to be about added security.

  • Thanks for the reply, yes I’ve read the series but I think it doesn’t significantly differ from the thin Microsoft documentation out there.

    I think the user profile use case probably hasn’t been thought about, at least I can’t see any variables in the JEA session being populated with information about the connecting user. You could achieve this e.g by passing username as a parameter to a JEA session (with sanity checks?) or then you could match it from the transcripts (by transcript PID and envvar PID e.g) or from windows event logs but these are all kinda sub-optimal.

    Other thing that bugs me a little is that I can’t find that it logs the ip address of the connecting user either in the event logs or in the transcript files.

    It seems to me it’s a good tech, but still a bit rough around the edges, could use documentation and maybe some polishing features. Sounds good that they’ve the idea of bringing it to core though!

  • Also I would be very curious to know if they’ve planned on porting JEA to core, but I suppose that’s too early to say yet and especially if it’s the same for all platforms or not since core is still in beta afaik.

  • Hi,

    Been testing JEA a bit and very impressed with the tech, and the introduction on this ms page was pretty good

    https://docs.microsoft.com/en-us/powershell/jea/overview

    also I’ve been browsing here, but it’s not much more extensive

    https://github.com/PowerShell/PowerShell-Docs

    I can’t really find much information about detailed stuff though, I was wondering if someone has better in-depth resources.

    What I’m wondering most about is the implications of different VisibleProvider settings and secondly a more specific issue : if i want to know the connecting user’s profile paths or even the username – how would I do this in a JEA session that’s running under a virtual account in nolanguage mode?

  • Hi,

    Been testing JEA a bit and very impressed with the tech, and the introduction on this ms page was pretty good

    https://docs.microsoft.com/en-us/powershell/jea/overview

    also I’ve been browsing here, but it’s not much more extensive

    https://github.com/PowerShell/PowerShell-Docs

    I can’t really find much information about detailed stuff though, I was wondering if someone has better in-depth resources.

    What I’m wondering most about is the implications of different VisibleProvider settings and secondly a more specific issue : if i want to know the connecting user’s profile paths or even the username – how would I do this in a JEA session that’s running under a virtual account in nolanguage mode?

  • Hi,

    Been having quite a time upgrading 2013 C2R Office installations to Office 2016 in an environment with some mixed msi installations of visio/project on the side.

    Been having several installs now where I can remove all previous Office installations ok, and the installation of 2016 completes ok, but I can’t get outlook to open properly. I’ve had at least a couple of these, and I’ve tried deleting all old outlook profiles and creating a fresh profile to connect to office 365. I can create the profile ok, but outlook won’t load (it gets stuck somewhere during the splash screen).

    I read something about telemetry logs for Office 2013 but wasn’t able to locate those for 2016 – I wonder if it is possible to see more detailed startup logs for outlook (what it’s doing during splash)? Also, it seemed both of my problem cases were unable to start outlook in safe mode – they claim outlook/office has a problem that needs to be repaired, but the repair simply fails.

    I wonder if this means there are still remains of old Office installations on the computer causing this, even though everything at least superficially seems to be removed? I thought about checking for addons in the registry and disabling them from there when writing this, but i doubt that’s the root cause of the issue when outlook won’t even start in safe mode. It seems the problem is somehow related to the office install although it completes without issues.

    I suspect running Office 2013 removal tool (the Microsoft fixit thing) has not been the best option, as it has at least had problems with mixed msi/c2r installs in that it first only removes msi installs and then refuses to remove the c2r install by re-running, unless first running an uninstall (that will fail) through control panel for the c2r and THEN re-run the uninstallation tool. Therefore i also suspect this may have something to do with the uninstall tool not properly really removing everything it should have.

    Anyone had issues like this or have a clue where to dig for more detailed logs of Outlook 2016 startup problems?

  • Babun's profile was updated 6 years, 4 months ago

© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account