
Setting up access to SharePoint Management Shell

When listing SharePoint managed accounts, service accounts and servers in a SharePoint farm, access to SharePoint Management Shell is required. The following steps describe how to set up access to SharePoint Management Shell.

On the SharePoint server:

  1. Add the SharePoint target system administrator to the following local user groups by using Server Manager:

    • Remote Desktop Users

    • WinRMRemoteWMIUsers__

    • WSS_ADMIN_WPG

    Note

    The local group WinRMRemoteWMIUsers__ is not installed by default in later versions of Windows, such as Windows 2016. It can be added by using the command:

    net localgroup /add WinRMRemoteWMIUsers__

  2. Launch the SharePoint Management Shell as an Administrator.

  3. Execute the following command to enable Windows Remote Management (WinRM):

    Enable-PSRemoting -Force

  4. Execute the following command to enable Credential Security Support Provider (CredSSP) authentication on the SharePoint server:

    Enable-WSManCredSSP -Role Server

  5. Execute the following command to grant the target system administrator the SharePoint_Shell_Access role:

    Add-SPShellAdmin -UserName Domain\Username

    Replace Domain\Username with the target system administrator.

  6. Execute the following commands to grant the target system administrator access to SharePoint web application:

    $webApp = Get-SPWebApplication -Identity "SharePoint site URL"

    $webApp.GrantAccessToProcessIdentity("Domain\Username")

    • Replace "SharePoint site URL" with your site’s URL.

    • Replace Domain\Username with the target system administrator.
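
One way to confirm that steps 1 to 5 took effect on the SharePoint server, saved and run as a script. This is an added example, not part of the product's own documentation; it assumes Windows PowerShell 5.1 in an elevated session, `$Account` is a placeholder, `Add-Check` is a hypothetical helper, and step 6 is not checked.

```powershell
# Added verification example; not part of the product documentation.
# Assumes Windows PowerShell 5.1 in an elevated session on the SharePoint server.
param(
    [string]$Account = 'Domain\Username'   # placeholder: target system administrator
)

# Load the SharePoint cmdlets when not already in SharePoint Management Shell
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
}

$results = New-Object System.Collections.ArrayList
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {   # hypothetical helper
    [void]$results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}

# Step 1: direct membership in the three local groups (nested groups are not expanded)
foreach ($group in 'Remote Desktop Users', 'WinRMRemoteWMIUsers__', 'WSS_ADMIN_WPG') {
    try {
        $members = @(Get-LocalGroupMember -Group $group -ErrorAction Stop)
        $found = @($members | Where-Object { $_.Name -eq $Account }).Count -gt 0
        Add-Check "Member of $group" $found "$($members.Count) direct member(s)"
    } catch {
        # Typically the group does not exist yet (see the note under step 1)
        Add-Check "Member of $group" $false $_.Exception.Message
    }
}

# Step 3: WinRM service is running and a listener answers locally
$svc = Get-Service -Name WinRM
Add-Check 'WinRM service running' ($svc.Status -eq 'Running') "status: $($svc.Status)"
$wsman = Test-WSMan -ErrorAction SilentlyContinue
Add-Check 'WinRM listener responds' ($null -ne $wsman) 'Test-WSMan against localhost'

# Step 4: CredSSP is accepted by the WinRM service (server role)
if ($svc.Status -eq 'Running') {
    $credssp = (Get-Item -Path WSMan:\localhost\Service\Auth\CredSSP).Value
    Add-Check 'CredSSP server role enabled' ($credssp -eq 'true') "Service\Auth\CredSSP = $credssp"
} else {
    Add-Check 'CredSSP server role enabled' $false 'not read: WinRM service is not running'
}

# Step 5: account holds SharePoint_Shell_Access on the farm configuration database
$shellAdmins = @(Get-SPShellAdmin | Select-Object -ExpandProperty UserName)
Add-Check 'Listed by Get-SPShellAdmin' ($shellAdmins -contains $Account) 'farm configuration database'

$results | Format-Table -AutoSize -Wrap
if (@($results | Where-Object { -not $_.Passed }).Count -gt 0) { exit 1 }
```
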

The following steps describe how to configure the client computer where the connector (agtshrpt) is installed.

  • If the connector (agtshrpt) is installed on the Bravura Security Fabric server:

  1. Launch Windows PowerShell as an Administrator.

  2. Execute the following command to enable Credential Security Support Provider (CredSSP) authentication:

    Enable-WSManCredSSP -Role client -DelegateComputer "<SharePointServerName>"

  • If the connector (agtshrpt) is installed on the SharePoint server:

  1. Install the Proxy Service (psproxy) on the SharePoint server by using a domain administrator account as the proxy service account.

  2. Install Connector Pack, which should match the setup of the Connector Pack on the Bravura Security Fabric server.

  3. Launch SharePoint Management Shell.

  4. Execute the following command to grant the proxy service account the SharePoint_Shell_Access role:

    Add-SPShellAdmin -UserName "proxy service account"