Data Flow:
A -> B -> C
In the data flow above, if you execute a remote command from Computer A
against Computer B and the command requires authentication, Computer B will
try to communicate with a Domain Controller (Computer C). This authentication
attempt will fail because, by default, Computer B is not trusted as a delegate
to pass credentials. To resolve this problem we can enable Credential
Security Service Provider (CredSSP) authentication.
Steps:
Make sure Windows remote administration has already been enabled on the
computer.
On Computer A, enable this feature as a client:
- Enable-WSManCredSSP -Role Client -DelegateComputer "*.domain.com"
On Computer B, enable this feature as a server:
- Enable-WSManCredSSP -Role Server
Example Code Snippet:
Invoke-Command -Authentication Credssp -Credential "domain\username" `
    -ComputerName "ComputerB" -ScriptBlock {
    try {
        Import-Module Lync
        # "<username>" is a placeholder; -ErrorAction Stop sends errors to the catch block
        Enable-CsUser -Identity "<username>" -RegistrarPool "lync.domain.com" `
            -SipAddressType EmailAddress -SipDomain cpex.com -ErrorAction Stop
    }
    catch { Write-Host $_.Exception }
}
A command like the one above will fail without enabling CredSSP. This solution
of course requires you to interactively type in the password.
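
CredSSP works by handing the user's credentials to Computer B, so it is worth keeping the delegation as narrow as possible. The wrapper below is an added example, not part of the original post: it enables the client role for one named host instead of "*.domain.com", runs the command, and turns the role off again. The function name Invoke-WithScopedCredSSP and the FQDN computerb.domain.com are hypothetical, and the server role is assumed to be enabled on Computer B already.

```powershell
# Added example. Run from an elevated prompt on Computer A.
# Assumes the WinRM service is running locally and that
# 'Enable-WSManCredSSP -Role Server' has already been run on Computer B.
function Invoke-WithScopedCredSSP {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $ComputerName,  # FQDN of Computer B
        [Parameter(Mandatory)] [scriptblock]  $ScriptBlock,   # work that needs the second hop
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # Delegate to exactly one host; reject patterns such as "*.domain.com".
    if ($ComputerName -match '\*') {
        throw "Wildcard delegation target '$ComputerName' is not accepted."
    }

    # Record the current client setting so only our own change is undone.
    $wasEnabled = (Get-Item WSMan:\localhost\Client\Auth\CredSSP).Value -eq 'true'
    if ($wasEnabled) {
        Write-Warning 'CredSSP client role is already enabled; leaving its configuration untouched.'
    }

    try {
        if (-not $wasEnabled) {
            Enable-WSManCredSSP -Role Client -DelegateComputer $ComputerName -Force | Out-Null
        }
        Invoke-Command -ComputerName $ComputerName -Authentication Credssp `
            -Credential $Credential -ScriptBlock $ScriptBlock -ErrorAction Stop
    }
    finally {
        # Runs on success and on failure, so delegation does not stay enabled.
        if (-not $wasEnabled) {
            Disable-WSManCredSSP -Role Client
        }
    }
}

# Usage: the password is still typed interactively, as in the original snippet.
$cred = Get-Credential -Credential 'domain\username'
Invoke-WithScopedCredSSP -ComputerName 'computerb.domain.com' -Credential $cred -ScriptBlock {
    whoami   # replace with the command that needs the second hop
}
```

Get-WSManCredSSP shows the resulting client and server settings on either machine if you want to confirm the state before and after.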