Denies access to the session configurations on the local computer.

Syntax

Disable-PSSessionConfiguration [[-Name] <string[]>] [-Force] [-Confirm] [-WhatIf] [<CommonParameters>]

Description

The Disable-PSSessionConfiguration cmdlet prevents all users of the computer from using the session configuration in a session. This is an advanced cmdlet that is designed to be used by system administrators to manage customized session configurations for their users.

The Disable-PSSessionConfiguration cmdlet adds a "deny all" setting to the security descriptor of one or more registered session configurations. As a result, you can unregister, view, and change the configurations, but you cannot use them in a session.

Without parameters, Disable-PSSessionConfiguration disables the Microsoft.PowerShell configuration, which is the default configuration that is used for sessions. Unless the user specifies a different configuration, both local and remote users are effectively prevented from creating any sessions that connect to the computer.

To disable all session configurations on the computer, use Disable-PSRemoting.

Parameters

-Force

Suppresses all user prompts. By default, you are prompted to confirm each operation.

Required?

false

Position?

named

Default Value

False

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Name <string[]>

Specifies the names of session configurations to disable. Enter one or more configuration names. Wildcards are permitted. You can also pipe a string that contains a configuration name or a session configuration object to Disable-PSSessionConfiguration.

If you omit this parameter, Disable-PSSessionConfiguration disables the Microsoft.PowerShell session configuration.

Required?

false

Position?

1

Default Value

Microsoft.PowerShell

Accept Pipeline Input?

true (ByValue, ByPropertyName)

Accept Wildcard Characters?

true

-Confirm

Prompts you for confirmation before executing the command.

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Describes what would happen if you executed the command without actually executing the command.

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters.

Inputs and Outputs

The input type is the type of the objects that you can pipe to the cmdlet. The return type is the type of the objects that the cmdlet returns.

Inputs

Microsoft.PowerShell.Commands.PSSessionConfigurationCommands#PSSessionConfiguration, System.String

You can pipe a session configuration object or a string that contains the name of a session configuration to Disable-PSSessionConfiguration.

Outputs

None

This cmdlet does not return any objects.

Notes

To run this cmdlet on Windows Vista, Windows Server 2008, and later versions of Windows, you must start Windows PowerShell with the "Run as administrator" option.

Example 1

C:\PS>Disable-PSSessionConfiguration

This command disables the Microsoft.PowerShell session configuration.






Example 2

C:\PS>disable-pssessionConfiguration -name *

This command disables all registered session configurations on the computer.






Example 3

C:\PS>disable-pssessionConfiguration -name Microsoft* -force

This command disables all session configurations that have names that begin with "Microsoft". The command uses the Force parameter to suppress all user prompts from the command.






Example 4

C:\PS>Get-PSSessionConfiguration -name MaintenanceShell, AdminShell | Disable-PSSessionConfiguration

This command disables the MaintenanceShell and AdminShell session configurations. 

The command uses a pipeline operator (|) to send the results of a Get-PSSessionConfiguration command to Disable-PSSessionConfiguration.






Example 5

C:\PS>Get-PSSessionConfiguration | format-table -property Name, Permission -auto

Name                   Permission
----                   ----------
MaintenanceShell       BUILTIN\Administrators AccessAllowed
microsoft.powershell   BUILTIN\Administrators AccessAllowed
microsoft.powershell32 BUILTIN\Administrators AccessAllowed

C:\PS> Disable-PSSessionConfiguration -name MaintenanceShell -force

C:\PS> Get-PSSessionConfiguration | format-table -property Name, Permission -auto

Name                   Permission
----                   ----------
MaintenanceShell       Everyone AccessDenied, BUILTIN\Administrators AccessAllowed
microsoft.powershell   BUILTIN\Administrators AccessAllowed
microsoft.powershell32 BUILTIN\Administrators AccessAllowed

C:\PS> Set-PSSessionConfiguration -name MaintenanceShell -MaximumReceivedDataSizePerCommandMB 60

ParamName            ParamValue
---------            ----------
psmaximumreceived... 60

"Restart WinRM service"
WinRM service need to be restarted to make the changes effective. Do you want to run the command "restart-service winrm"?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y


C:\PS> new-pssession -computername localhost -configurationName MaintenanceShell

[localhost] Connecting to remote server failed with the following error message : Access is denied. For more information, see the about_Remote_Troubl
eshooting Help topic.
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionOpenFailed


Description
-----------
This example shows the effect of disabling a session configuration.

The first command uses the Get-SessionConfiguration and Format-Table cmdlets to display only the Name and Permission properties of the session configuration objects. This table format makes it easier to see the values of the objects. The results show that members of the Administrators group are permitted to use the session configurations.

The second command uses the Disable-PSSessionConfiguration cmdlet to disable the MaintenanceShell session configuration. The command uses the Force parameter to suppress all user prompts.

The third command repeats the first command. The results show that you can still get the object that represents the MaintenanceShell session configuration even though everyone is denied access to it. The "AccessDenied" entry takes precedence over all other entries in the security descriptor.

The fourth command uses the Set-PSSessionConfiguration cmdlet to increase the MaximumDataSizePerCommandMB setting on the MaintenanceShell session configuration to 60. The results show that the command was successful even though everyone is denied access to the configuration.

The fifth command attempts to use the MaintenanceShell session configuration in a session. It uses the New-PSSession cmdlet to create a new session and the ConfigurationName parameter to specify the MaintenanceShell configuration. The results show that the  New-PSSession command fails because the user is denied access to the configuration.






See Also




Table Of Contents