By default, UAC restricts WinRM calls to domain admins and the default local “Administrator” account. Local Windows admins cannot call this service without first disabling UAC!
WARNING
Admin-ish privileges (including privileges associated with the Backup Operators group) are stripped by default when using WinRM. To enable this access, we need to set the LocalAccountTokenFilterPolicy registry key to 1.
Many large companies will enable PowerShell remoting on all machines in order to ease IT support burdens (by default, remoting is only enabled on domain controllers).
# Create PSCredential object for authentication.#$username = "$TARGET_USER";$password = "$TARGET_PASSWORD";$SECURE_PASSWORD = ConvertTo-SecureString "$TARGET_PASSWORD" ` -AsPlainText -Force;$CREDENTIAL_OBJECT = New-Object ` System.Management.Automation.PSCredential ` $TARGET_USER, $SECURE_PASSWORD;# Enter an interactive PowerShell session on the $TARGET_HOST.#Enter-PSSession -ComputerName $TARGET_HOST ` -Credential $CREDENTIAL_OBJECT# Alternately, we can pass commands directly as "script# blocks". Note that the $POWERSHELL_SCRIPT does not have# access to any variables in the host script or session, as# its sent to $TARGET_HOST for execution (though this can be# worked around using the -ArgumentList parameter, if# necessary).#Invoke-Command -ComputerName $TARGET_HOST ` -Credential $CREDENTIAL_OBJECT ` -ScriptBlock { $POWERSHELL_SCRIPT }