PowerShell remoting – Policy does not allow the delegation of user credentials

Do the following on the server:

Enable-WSManCredSSP -Role Server

Do the following on the client:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value *

Enable-WSManCredSSP -Role Client -DelegateComputer *

Use gpedit.msc on the client to enable Delegating Fresh Credentials to WSMAN/*:

  1. Expand Local Computer Policy, expand Computer Configuration, expand
    Administrative Templates, expand System, and then click Credential Delegation.
  2. In the Settings pane, double-click Allow Delegating Fresh Credentials with NTLM-only Server Authentication.
  3. In the Allow Delegating Fresh Credentials with NTLM-only Server Authentication dialog box, do the following:
     a. Click Enabled.
     b. In the Options area, click Show.
     c. In Value, type WSMAN/*, and then click OK. Make sure that
        Concatenate OS defaults with input above is selected, and then
        click OK.

The following command now works (after a password prompt):

Invoke-Command { dir \\fileserver\devtools } -computer appserver01 -authentication credssp -credential domain\user
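
To see what the steps above left configured on the client, this added example (not part of the original post) reads the three settings back and marks every entry that contains a wildcard. The function name Get-CredSspClientAudit is hypothetical; the registry path is the one that backs the Credential Delegation policy node.

```powershell
# Added example, not from the original post. Read-only audit of the client-side
# settings changed above. Run elevated, with the WinRM service running.
function Get-CredSspClientAudit {
    # Registry location backing the Credential Delegation policy node.
    $policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
    $rows = @()

    # TrustedHosts: hosts the client connects to without authenticating the server.
    $trusted = [string](Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    $rows += [pscustomobject]@{
        Setting  = 'WSMan TrustedHosts'
        Value    = $trusted
        Wildcard = $trusted.Contains('*')
    }

    # CredSSP client switch, turned on by Enable-WSManCredSSP -Role Client.
    $credSsp = [string](Get-Item WSMan:\localhost\Client\Auth\CredSSP).Value
    $rows += [pscustomobject]@{
        Setting  = 'WSMan Client Auth CredSSP'
        Value    = $credSsp
        Wildcard = $false
    }

    # SPN lists the client may delegate fresh credentials to:
    #   AllowFreshCredentials             - written by Enable-WSManCredSSP -DelegateComputer
    #   AllowFreshCredentialsWhenNTLMOnly - written by the gpedit.msc steps
    foreach ($list in 'AllowFreshCredentials', 'AllowFreshCredentialsWhenNTLMOnly') {
        $key = Get-Item -Path (Join-Path $policyRoot $list) -ErrorAction SilentlyContinue
        if (-not $key) { continue }   # this policy list is not configured
        foreach ($name in $key.GetValueNames()) {
            $spn = [string]$key.GetValue($name)
            $rows += [pscustomobject]@{
                Setting  = '{0}\{1}' -f $list, $name
                Value    = $spn
                Wildcard = $spn.Contains('*')
            }
        }
    }
    $rows
}

Get-CredSspClientAudit | Format-Table -AutoSize
```

A row with Wildcard = True applies to every host the client connects to; replacing `*` with the name of the server actually used (appserver01 in the command above) limits the setting to that machine.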

See MSDN forums.

See TechNet