PowerShell Scripts, Tips, Expert Advices, Forums, and Resources

Geek Sync Live

Welcome to PowerShell.com, the educational and community site for Windows PowerShell People. Get a quick overview.

Latest Forum Posts

07-22-2016 - Start-Process
07-22-2016 - Compare-object strange behaviour
07-21-2016 - Rename many files in a folder with PowerShell

As a Powershell.com member you will have access to:

  • Daily PowerShell tips written by Microsoft MVPs and other leading Windows PowerShell experts
  • Free Windows PowerShell advice and training provided by Microsoft MVPs and other leading Windows PowerShell experts
  • Access to leading Windows PowerShell blogs
  • A free ebook, Mastering PowerShell, written by Microsoft MVP Dr. Tobias Weltner
PowerTip of the Day

Use CredSSP to Fight Double-Hop Networking Issues

PowerShell 2+

If you do PowerShell remoting, you may have experienced “double-hop” problem. It occurs when you try to pass on your identity from the remote code to a 3rd party. Simple example: the remote code wants to access a file share and needs to authenticate again. This fails.

One way of passing on your authentication info is to use CredSSP, a technology that is used with Remote Desktops, too. It requires a minimal setup both on client and server.

On the server, you need to enable CredSSP:

Enable-WSManCredSSP -Role Server -Force

And on the client, you do the same:

Enable-WSManCredSSP -Role Client -DelegateComputer server123

Now your client and the server “server123” trust each other and can use CredSSP. The next line would execute a script block on the server, and the script block could now pass on your credentials to authenticate elsewhere:

Invoke-Command -ScriptBlock $code -ComputerName server123 -Authentication Credssp -Credential myCompany\myUser

Why is CredSSP not enabled by default? Because “double hopping” is risky business. If the server was hijacked by someone evil, that person could now use your identity to do things on behalf of you. So use this with care, and use it in safe environments only.

Twitter This Tip! ReTweet this Tip!

Copyright 2012 PowerShell.com. All rights reserved.