Do the following on the server:
Enable-WSManCredSSP -Role Server
Do the following on the client:
set-item wsman:localhost\client\trustedhosts -value *
Enable-WSManCredSSP -Role Client –DelegateComputer *
Use gpedit.msc
on the client to enable Delegating Fresh Credentials to WSMAN/*:
- Expand
Local Computer Policy
, expandComputer Configuration
, expand
Administrative Templates
, expandSystem
, and then clickCredential Delegation
. - In the
Settings
pane, double-clickAllow Delegating Fresh Credentials with NTLM-only Server Authentication
. - In the
Allow Delegating Fresh Credentials with NTLM-only Server Authentication
dialog box, do the following: - Click
Enabled
. - In the
Options
area, clickShow
. - In Value, type
WSMAN/*
, and then clickOK
. Make sure that
Concatenate OS defaults with input above
is selected, and then
clickOK
.
The following command now works (after a password prompt):
Invoke-Command { dir \\fileserver\devtools } -computer appserver01 -authentication credssp -credential domain\user
See MSDN forums.
See TechNet