Is your feature request related to a problem? Please describe.
The core problem I am trying to solve is to give our 2L support the ability to run a script with higher permissions than what they have. I've placed the script on a server and added it to a task scheduler to run as a service account. Sadly I can't figure out a way to grant access to running this script remotely without admin access to the server.
I've tried WMI + MMC Snap-In and I did manage to grant proper WMI access but MMC still is not able to connect.
I've looked into JEA and Constrained Endpoints but the lack of GUI is a problem for our 2L.
Windows Admin Center with JEA sounds like a perfect solution for this use case and some others we've got.
What I am able to do is create custom endpoints with custom role definitions, and I am able to add custom role definitions to the endpoint WAC uses, but what I can't do is log in using WAC when using one of the custom roles. It still works for the three built-in ones.
Describe the solution you'd like
I'd like WAC to recognize all RoleDefinitions within its default endpoint Microsoft.Sme.Powershell so that I will be able to create custom roles specific to my environment. I am fine with creating those roles via text files and setting endpoints via PowerShell. I just wish for the end result to be usable via WAC.
Describe alternatives you've considered
I've considered using MMC with the Task Scheduler snap-in and adding users to the Built-In Remote Management Users group but couldn't get past the Access Denied error for non-admin accounts when accessing remotely. Using Remote Desktop is not an option there.
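For reference, a custom JEA endpoint of the kind described above could be set up as follows; this is an added example, not code from the issue author or from Windows Admin Center. It registers a separate endpoint rather than modifying Microsoft.Sme.Powershell, and the module, role, group, task and endpoint names are all hypothetical.

```powershell
# Added example. All names below (module, role, AD group, task, endpoint) are hypothetical.
$module   = 'SupportJEA'
$role     = 'TaskRunner'
$group    = 'CONTOSO\L2-Support'
$endpoint = 'L2.TaskRunner'

# Role capability files are found by name in the RoleCapabilities folder
# of a module that sits on PSModulePath.
$moduleRoot = Join-Path $env:ProgramFiles "WindowsPowerShell\Modules\$module"
$roleDir    = Join-Path $moduleRoot 'RoleCapabilities'
New-Item -ItemType Directory -Path $roleDir -Force | Out-Null
New-ModuleManifest -Path (Join-Path $moduleRoot "$module.psd1") `
    -Description 'JEA role capabilities for L2 support'

# Expose one parameterless function. The task name is fixed inside the
# function body, so the caller cannot start any other task.
New-PSRoleCapabilityFile -Path (Join-Path $roleDir "$role.psrc") `
    -ModulesToImport 'ScheduledTasks' `
    -VisibleFunctions 'Start-SupportTask' `
    -FunctionDefinitions @{
        Name        = 'Start-SupportTask'
        ScriptBlock = {
            # 'Run-SupportScript' is a hypothetical scheduled task name.
            ScheduledTasks\Start-ScheduledTask -TaskName 'Run-SupportScript'
        }
    }

# Session configuration: locked-down session type, temporary virtual
# account for the session, transcripts kept for audit, one group mapped
# to the role defined above.
$jeaDir = Join-Path $env:ProgramData 'JEA'
$pssc   = Join-Path $jeaDir "$endpoint.pssc"
New-Item -ItemType Directory -Path (Join-Path $jeaDir 'Transcripts') -Force | Out-Null
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory (Join-Path $jeaDir 'Transcripts') `
    -RoleDefinitions @{ $group = @{ RoleCapabilities = $role } }

# Validate the file, then register the endpoint (this restarts WinRM).
if (Test-PSSessionConfigurationFile -Path $pssc) {
    Register-PSSessionConfiguration -Name $endpoint -Path $pssc -Force
}

# A member of the mapped group would then run, from their own workstation:
#   Invoke-Command -ComputerName <server> -ConfigurationName L2.TaskRunner -ScriptBlock { Start-SupportTask }
```

The task itself still runs under the service account configured in Task Scheduler; the endpoint only controls who may trigger it.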