Use current Powershell credentials for remote call

Question

I have a Powershell script that is used to remotely call other Powershell scripts on other servers. The script is used to shut down and start up services on the different serve

Answer 1

Sounds like a double hop problem. These are notoriously difficult to work around, since the credentials you would pass can't be authenticated by the second system.

CredSSP is a solution, but it does increase security risk so use caution, make sure you understand the configuration, and make sure you configure it right.

Answer 2

The -Credential method on Invoke-Command is probably what you want. I find this pretty useful for storing a credential set for scripting use in an encrypted fashion.

Add-Type -assembly System.Security

# String to Crypt
$passwordASCII = Read-Host -Prompt "Enter the Password"

# String to INT Array
$enc = [system.text.encoding]::Unicode
$clearPWD_ByteArray = $enc.GetBytes( $passwordASCII.tochararray())

# Crypting
$secLevel = [System.Security.Cryptography.DataProtectionScope]::LocalMachine
$bakCryptedPWD_ByteArray = [System.Security.Cryptography.ProtectedData]::Protect($clearPWD_ByteArray, $null, $secLevel)

# Store in Base 64 form
$B64PWD_ByteArray = [Convert]::ToBase64String($bakCryptedPWD_ByteArray)
Set-Content -LiteralPath c:\Temp\pass.txt -Value $B64PWD_ByteArray

<#>
Use...
Add-Type -assembly System.Security
$resCryptedPWD_ByteArray = [Convert]::FromBase64String((Get-Content -LiteralPath "$Password_File"))
$secLevel = [System.Security.Cryptography.DataProtectionScope]::LocalMachine
$clearPWD_ByteArray = [System.Security.Cryptography.ProtectedData]::Unprotect( $resCryptedPWD_ByteArray, $null, $secLevel )
$enc = [system.text.encoding]::Unicode

...To retrieve the password from $Password_File

Then use...

$enc.GetString($clearPWD_ByteArray)

...As your password
</#>