Security in IIS

Product: PowerShell Universal
Version: 3.2.0

Hi All,

I’ve configured Windows Authentication in IIS and we’ve seen some strange behaviour. Any ideas?

1: When an unknown user logs in this is the view:

When checking as Administrator I see that the user is created with the role ‘Policy Defined’:

Only specific users may enter and view PowerShell Universal, so by default I would like no rights for a new user. How to achieve this?

2: Change rights of a user:
When changing, for example, a role of a user from ‘Policy Defined’ to ‘Administrator’, for some reason I need to restart PowerShell Universal before the new role is working for the user.
Does anyone recognise this behaviour and know how to solve it?

Thanks for looking at this topic.

Best regards,
Menno Voerman

  1. Policy defined means that the roles.ps1 scripts are running and assigning roles. If you want to prevent any user from getting in, make sure to return $false from all policy scripts.

  2. This may be a caching issue. On the roles page, try using the clear cache button after changing the user’s role.
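
The deny-by-default setup from point 1, as an added example (not part of the thread and not the product's own code): a `roles.ps1` where only an explicit allowlist receives Administrator and every other policy returns `$false`. The account names are constructed placeholders; the `DOMAIN\user` name format and the Operator and Reader role names are assumptions about this installation.

```powershell
# roles.ps1 - deny by default: a Windows-authenticated user gets a role only
# when a policy explicitly returns $true for that user.
# Added example. Account names are constructed placeholders.

New-PSURole -Name 'Administrator' -Description 'Explicit allowlist only' -Policy {
    param($User)

    # The allowlist lives inside the script block so the policy does not
    # depend on variables defined elsewhere in roles.ps1.
    $allowed = @(
        'CONTOSO\psu-admin1',   # placeholder
        'CONTOSO\psu-admin2'    # placeholder
    )

    # Assumption: IIS Windows Authentication supplies the name as DOMAIN\user.
    $name = $User.Identity.Name

    # No identity name means no decision can be made: deny.
    if ([string]::IsNullOrWhiteSpace($name)) {
        return $false
    }

    # -contains is case-insensitive for strings, matching how Windows
    # treats account names. Anything not listed is denied.
    return ($allowed -contains $name)
}

# Every remaining policy must also return $false; a single policy that
# returns $true for everyone lets an unknown user in with that role.
New-PSURole -Name 'Operator' -Description 'Nobody by policy' -Policy {
    param($User)
    return $false
}

New-PSURole -Name 'Reader' -Description 'Nobody by policy' -Policy {
    param($User)
    return $false
}
```

After editing the policies, use the clear cache button on the roles page so the new decisions apply to users who have already signed in.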

Hi Adam,

  1. Didn’t know that. It indeed works as expected!

2: It works for new users and changing the role

1: User logs in (error no access)
2: Change role from Policy Defined to Administrators
3: Click on ‘Clear Cached Claims’ in Roles
4: User has now the expected rights!

For the removal of a user, for some reason this doesn’t work.
When you’re logging in with Windows Authentication as Administrator and remove this user, the session is still valid. It’s not a big problem in my use case, but I just wanted to let you know!