KB0023 - Unauthorized Access screen presented after upgrading to PowerShell Universal 3.7.1

KB0023 - Unauthorized Access screen presented after upgrading to PowerShell Universal 3.7.1

Affected Versions

- PowerShell Universal 3.7.0
- PowerShell Universal 3.7.1

Issue

A user attempts to access the admin console on a machine that was upgraded and are presented with a Not Authorized screen. 

Solution

1. Upgrade to PowerShell Universal 3.7.2
2. Define a roles.ps1 file in the Repository folder that grants access to the user for the administrator role.

For example, you can grant any user access by returning true from the Policy ScriptBlock in New-PSURole. 

  2. New-PSURole -Name 'Administrator -Policy {
  3.    param(
  4.          [Security.ClaimsPrincipal]$User
  5.    )
  6.     $true
  7. }

3. Downgrade to 3.6.4

Root Cause

In PowerShell Universal version 3.7, a change was made to the default behavior for role policies. Previous to this version, policies returned true by default which would grant all users access to the admin console. In version 3.7, policies returned false by default. If a policy was not configured or a role was not assigned to the user in the previous version, the user would no longer have access to the admin console.