Enable CredSSP for PowerShell

Enable CredSSP to enable easy hopping of credentials with PowerShell.

John Savill

February 12, 2016


Q. How do I enable CredSSP for hosts to enable hopping in remote PowerShell?

A. With normal Kerberos authentication you cannot hop between remote servers; for example, I cannot connect to serverA and then perform a remote action on serverB. To enable this type of hop you need to use CredSSP. CredSSP must be enabled on the PowerShell client machine and on the intermediary machine, and the ability to delegate fresh credentials must be enabled via policy.

  • Enable CredSSP for the client:

      Set-Item WSMan:\localhost\Client\Auth\CredSSP -Value $true

  • Enable CredSSP for the service on the intermediary server (run this command on all intermediary servers that may be hopped from):

      Set-Item WSMan:\localhost\Service\Auth\CredSSP -Value $true

  • Enable the delegation of fresh credentials for a list of target servers. While you can allow all servers, it is better to restrict delegation to a set, for example all machines in the domain. Open a Group Policy Object and navigate to Computer Configuration > Policies > Administrative Templates > System > Credential Delegation > Allow Delegation of Fresh Credentials. Enable the policy and set the value via the Show button, e.g. *.savilltech.net, then click OK. Once the change is made, the GPO will need time to be applied to the machines.
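A read-only audit of the three settings above, added here as an example (not code from the original article): it reports the client and service CredSSP values and classifies each delegation target by how broad it is. The function names and sample entries are hypothetical, and the registry path, which the article does not give, is where the Credential Delegation policy list is stored once the GPO has applied.

```powershell
# Added example: run in an elevated session; the WSMan: drive needs the WinRM service running.

function Get-DelegationScope {
    # Classify one "Allow Delegation of Fresh Credentials" entry by breadth.
    param([Parameter(Mandatory)][string]$Entry)
    $target = ($Entry -split '/', 2)[-1]      # drop a service prefix such as WSMAN/ if present
    if ($target -eq '*')       { return 'AllServers' }   # credentials may go to any host
    if ($target.Contains('*')) { return 'Wildcard'   }   # e.g. every machine in one domain
    return 'SingleHost'
}

function Get-CredSspAudit {
    # Policy-backed list of delegation targets (absent until the GPO has applied).
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials'
    $entries = @()
    if (Test-Path $policyKey) {
        $key = Get-Item $policyKey
        $entries = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
    }

    [pscustomobject]@{
        # Client role: the machine you start the remote session from
        ClientCredSSP  = (Get-Item WSMan:\localhost\Client\Auth\CredSSP).Value
        # Service role: should be true only on intermediary servers that are hopped from
        ServiceCredSSP = (Get-Item WSMan:\localhost\Service\Auth\CredSSP).Value
        Delegation     = @($entries | ForEach-Object {
            [pscustomobject]@{ Entry = $_; Scope = Get-DelegationScope $_ }
        })
    }
}

# Constructed sample entries; only *.savilltech.net comes from the article.
'*', '*.savilltech.net', 'WSMAN/serverB.savilltech.net' | ForEach-Object {
    '{0,-32} {1}' -f $_, (Get-DelegationScope $_)
}

# Live settings on this machine
$audit = Get-CredSspAudit
$audit | Select-Object ClientCredSSP, ServiceCredSSP | Format-List
$audit.Delegation | Format-Table -AutoSize

# Flag the case the article advises against: delegation allowed to all servers
if ($audit.Delegation | Where-Object Scope -eq 'AllServers') {
    Write-Warning 'Fresh credentials can be delegated to all servers; restrict the list to a set.'
}
```

Run it on the client and on each intermediary server after the GPO has refreshed; an empty Delegation list means the policy has not yet reached that machine.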
