I have a workgroup of Windows 7/10 machines that all have the same username/password. If I Enable-PSRemoting on Comupter-1 for instance, it sets LocalAccountTokenFilterPolicy to 1. Now with remote UAC disabled that machine becomes vulnerable because I can remotely execute any PS command on it without being prompted for password. A command like this doesn't even need credentials to delete files remotely:
Invoke-Command -ComputerName Computer-1 {Remove-Item C:\test.txt}If I create a different user on a client PC and switch to it that command gets me "Acces is deined" if I don't use -Credential key which is my desired scenario. So giving every machine a unique password solves it but that would definitely turn scripting and maintenance into hell.
Is there a way around it? Perhapse a registry or policy tweak to force authorization in this scenario. Or some trick to create a second user with full WinRM access while restricting the default user from it?