This one may be a bit tricky, and may not be possible. I have a PowerShell JEA endpoint configured in my DSC. It runs fine. The trouble is the users that are listed in the RoleDefinitions section of the JeaEndpoint section are in a different domain than the server itself. The domains are trusted, but the users accessing the endpoint are in a different domain than the server. When you run the DSC it works, but it changes the domain to the server domain instead of the domain specified. Thus when users try to access it, it fails.
JeaEndpoint Endpoint
{
Ensure = "Present"
EndpointName = "Microsoft.Sme.PowerShell"
RoleDefinitions = "@{ 'USERDOMAIN\UserGroup' = @{ RoleCapabilities = 'MS-Administrators', 'MS-Hyper-V-Administrators', 'MS-Readers' }}"
}
After running this and doing a Get-PSSessionConfiguration, this is the result:
Name : Microsoft.Sme.PowerShell
PSVersion : 5.1
StartupScript :
RunAsUser :
Permission : ServerDomain\UserGroup AccessAllowed
