I am working with PowerShell constrained endpoints. I have an endpoint that runs as a specific user as it needs to reach out to make calls to another service on another system. Virtual accounts and gMSAs will not work with this other service so it must be a regular user account.
I would like to be able to record the connection's client IP address in the logs. In the past I have used the following:
$script:EndpointClientIp = Get-WSManInstance Shell -Enumerate | Where-Object { $_.ProcessId -eq $script:EndpointProcessId } | Select-Object -ExpandProperty ClientIP
However, the above Get-WSManInstance command only works if the user is an admin. In these new JEA endpoints I am trying to avoid giving the run-as user admin privileges.
Is there a way to acquire this IP address without being an admin on the system? Perhaps there is a way to modify the WSMan permissions to allow this user account to access that portion of the WSMan config? If so, what else would it gain access to that I would want to consider? If not through the WSMan, is there another way to tie the IP address of an incoming connection to the process ID of the app allowing the connection (again, without admin privileges)?
This is a Windows Server 2019 box.