What security setting is preventing Remote PowerShell 2.0 from accessing UNC paths

执笔经年 2020-12-02 19:10

This is just crazy, I am starting on PowerShell. And of course I need to do Admin work remotely.

A simple

dir \\server\share\folder
2 answers
  • 2020-12-02 19:51

    PowerShell also uses Internet Explorer security settings on running remote scripts.

    I have found that, for whatever machine you are trying to have run a remote script, if I add the UNC path of the remote machine to my trusted intranet sites, I can run scripts then (assuming my execution policy in posh is set to RemoteSigned: "Set-ExecutionPolicy RemoteSigned").

    I do a ton of administration for multiple servers with and without SQL, and I've never done anything with Enable-WSManCredSSP.

  • 2020-12-02 19:56

    To get this to work, you must configure both your local and remote computers.

    On the remote server, run the following command:

     Enable-WSManCredSSP -Role server
    

    You'll know things are configured correctly if you run the Get-WSManCredSSP cmdlet and get the following output:

    The machine is not configured to allow delegating fresh credentials. This computer is configured to receive credentials from a remote client computer.

    On your local computer, from an Administrative PowerShell prompt, you need to allow credential delegation in PowerShell. Run the following command:

     Enable-WSManCredSSP -Role Client -DelegateComputer <REMOTE_COMPUTER_NAME>
    

    You can enable all servers by using * for REMOTE_COMPUTER_NAME.

    You'll know this is configured correctly when you run Get-WSManCredSSP and get the following output:

    The machine is configured to allow delegating fresh credentials to the following target(s): wsman/REMOTE_SERVER_NAME
    This computer is not configured to receive credentials from a remote client computer.

    On your local machine, update Group Policy to allow your credentials to be delegated to the remote server.

    1. Open gpedit.msc and browse to Computer Configuration > Administrative Templates > System > Credentials Delegation.
    2. Double-click "Allow delegating fresh credentials with NTLM-only Server Authentication".
    3. Enable the setting and add the build server to the server list as WSMAN/BuildServerName. (You can enable all servers by entering WSMAN/*.)

    Then, when you need to run your command on the remote server, you can't use any of the *-PSSession commands because CredSSP can't use cached credentials. You have to start the session using Invoke-Command, and use CredSSP as the value to the Authentication parameter, like so:

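    Invoke-Command -ScriptBlock {
                       # remote commands here (kept on its own line so the comment
                       # does not swallow the closing brace and the line continuation)
                   } `
                   -ComputerName <REMOTE_COMPUTER_NAME> `
                   -Authentication CredSSP `
                   -Credential <USERNAME>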
    
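An added example, not part of either answer: the second answer allows `*` and `WSMAN/*` as delegation targets, which hands fresh credentials to any server, so this script lists what the client is actually configured to delegate to and warns on wildcard entries. It assumes the two delegation lists are stored under the standard Credentials Delegation policy key in HKLM; the function names are hypothetical and the sample SPNs are constructed.

```powershell
# Added example; the helper names below are hypothetical, not built-in cmdlets.
$PolicyRoot  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
$PolicyLists = 'AllowFreshCredentials', 'AllowFreshCredentialsWhenNTLMOnly'

function Get-CredSspDelegationTarget {
    # Emit every SPN stored in the two delegation policy lists on this machine.
    foreach ($list in $PolicyLists) {
        $key = Join-Path $PolicyRoot $list
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Policy = $list
                Target = [string]$item.GetValue($name)
            }
        }
    }
}

function Get-CredSspTargetScope {
    # Classify one SPN such as 'wsman/BuildServerName' by how many hosts it covers.
    param([string]$Target)
    $hostPart = ($Target -split '/', 2)[-1]
    if ($hostPart -eq '*')       { return 'AnyHost' }
    if ($hostPart.Contains('*')) { return 'WildcardPattern' }
    return 'SingleHost'
}

# Constructed sample values, so the classifier can be tried on any machine.
$sample = 'wsman/BuildServerName', 'wsman/*.corp.example', 'WSMAN/*'
foreach ($spn in $sample) {
    '{0,-24} {1}' -f $spn, (Get-CredSspTargetScope $spn)
}

# Live check: list what this client will delegate fresh credentials to.
Get-CredSspDelegationTarget | ForEach-Object {
    $scope = Get-CredSspTargetScope $_.Target
    if ($scope -ne 'SingleHost') {
        Write-Warning ("{0}: '{1}' delegates to {2}" -f $_.Policy, $_.Target, $scope)
    } else {
        '{0}: {1}' -f $_.Policy, $_.Target
    }
}
```

`Disable-WSManCredSSP -Role Client` turns the client-side delegation off again once the remote work is done.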