Article written by

A technology enthu and a Windows PowerShell MVP working on SharePoint solutions at Dell Inc. Has deep interests in Windows Server OS & Virtualization.

29 Responses

Page 1 of 1
  1. Convert DCs to RODCs in bulk using PowerShell (Part 2 of 3) « jfrmilner's Tech Blog

    [...] Before I could start using DCPROMO I needed to enable multihop-authentication using CredSSP. Now I will not explain this in detail, instead I would like to refer you to the excellent post by Ravikanth Chaganti – http://www.ravichaganti.com/blog/?p=1230 [...]

  2. jfrmilner
    jfrmilner at |

    Thanks again for this post it certainly helped me understand the concept of using CredSSP. I have posted a blog about using CredSSP to DCPROMO a bunch of servers in bulk using PowerShell Remoting please take a look http://wp.me/pFqJZ-1Y
    Regards, jfrmilner

  3. Test-WSManCredSSP: Check if a remote computer has WSMan CredSSP enabled

    [...] article as PDF When using PowerShell remoting, WSMan CredSSP is a requirement if there are multiple hops involved in the remoting scenario. When using remoting in an automation scenario, it becomes very [...]

  4. Karl Prosser
    Karl Prosser at |

    Nice

  5. Ravikanth
    Ravikanth at |

    Thanks Karl

  6. Powershell Remoting Part 3: CredSSP « I Think In Code

    [...] first thing you need to know is that CredSSP is easy to enable on Windows 7 computers. There are WinRM client and service group policy settings to do that. Windows XP requires [...]

  7. Keith
    Keith at |

    Excellent! I am very new to Powershell (and programming in general) and I ran into this exact scenario today. Clear, concise, and well written. This has solved my problem. Thank you.

  8. Ravikanth
    Ravikanth at |

    Thanks! Glad you liked this article.

  9. Kalyan
    Kalyan at |

    excellent work! although I have small question from the caution you have given above for “Caution: CredSSP authentication delegates the user’s credentials from the local computer to a remote computer. This practice increases the security risk of the remote operation. If the remote computer is compromised, when credentials are passed to it, the credentials can be used to control the network session.”……is there a safer alternative to this?

  10. Boriskey
    Boriskey at |

    awesome articles and book, Ravikanth! you saved me many hours of work. I think this post will compliment your article for people who wants to reuse passwords in automated process http://blogs.technet.com/b/robcost/archive/2008/05/01/powershell-tip-storing-and-using-password-credentials.aspx

  11. Ravikanth
    Ravikanth at |

    Thanks for sharing. Agree with you on the technet link. But, you have to be careful using that method. If someone gets hold of the file, they can use decryption to retrieve the password.

  12. Ravikanth
    Ravikanth at |

    I don’t think there is. This is not a PowerShell issue though. This is how WinRM works or for that matter any remoting scenario.

  13. PowerShell : How to overcome double-hop problem in PowerShell remoting | Ideas For Free

    [...] 2003 box. If you have Windows 7 or Windows Server 2008 – you may follow tutorial in this link (http://www.ravichaganti.com/blog/?p=1230)So, lets start by defining our function Invoke-RemoteCommand. This command will accept :1. [...]

  14. PowerShell : How to overcome double-hop problem in PowerShell remoting | Ideas For Free

    [...] 2008?  If you have Windows 7 or Windows Server 2008 – you may follow tutorial in this link (http://www.ravichaganti.com/blog/?p=1230). But if you have Windows 2003 or previous version, then you must keep reading.So, lets start by [...]

  15. Jose A. Hernandez
    Jose A. Hernandez at |

    Great article. Do you know if there is a way to bypass the confirmation prompt for automation purposes?

  16. Ravikanth
    Ravikanth at |

    For most of the Enable-* cmdlets, PowerShell provides a -Force Switch. This is meant for silent action.

  17. Configure SharePoint Servers from your Win7 Desktop with PowerShell Remoting « Jimblog

    [...] See Technet or Don Jones Technet Mag or Zach Rosenfield or Jei Li or Ravikanth Chaganti [...]

  18. Gaurav Oberoi
    Gaurav Oberoi at |

    Hi Ravi,

    I am using poweshell automation for executing remote command on sharepoint 2010 farm with CredSSP through a .net wcf application. I am getting  following errors:

    The pipeline has been stopped.
    ApplicationPoolAccount is not found.
    Cannot bind argument to parameter ‘OwnerAlias’ because it is null.

    Do you have any clues what’s going on?

  19. Ravikanth
    Ravikanth at |

    Not sure Gaurav. I am a complete novice in WCF and C# aspects. Picking up though! :)

  20. Loic
    Loic at |

    thank you for sharing, now I’m able to run a network profile on remote sessions ! cool !

  21. kiquenet kiquenet
    kiquenet kiquenet at |

    Which permissions for execute 
    Get-WSManCredSSP command ? I get error: access denied, when I use PS remoting. My remote user is local Administrator in server.

  22. kiquenet kiquenet
    kiquenet kiquenet at |

    which is your configuration server for powershell remoting and CredSSP ? and your source code and config files for wcf service and ps1 script files ?

  23. alex
    alex at |

    This is actually not a trivial matter: Sets the Windows CredSSP policy AllowFreshCredentials to WSMan/Delegate on the client.

    Do you happen to have a script to enable this via command line.

  24. javier
    javier at |

    Hello Ravi,

    I have one question.

    I use powershell remoting in order to deploy sharepoint solutions.
    When i use one machine (sharepoint + sql server) all works fine.
    When i use two machines, sharepoint machine and sql server machine, the remote commands fails, even if i only use commands like get-spsite from the powershell console of the remote machine.

    i don´t know if the things that you comment in your post is valid for sharepoint, or only for one machine that use resources from other machine like files.

    is it necessary for sharpoint when i have two machines like in my environment?

    regards

  25. Javier
    Javier at |

    I answer myself, yes, In a Sharepoint environment with 2 machines if you access via powershell remote to the front end machine and try to execute any comand like get-spsite, it´s necessary the activation of multi-hop

  26. Granular access via PowerShell Remoting | rambling cookie monster

    [...] don’t need to worry about the double hop problem for the first hop to a delegated session, so feel free to store startup scripts on a network share [...]

Comments are closed, but trackbacks and pingbacks are open.

%d bloggers like this: