How to enable CredSSP for PowerShell Remoting through GPO

19 Oct

In a domain environment CredSSP can easily enabled through a GPO. To do so there are three GPO settings to configure:

  1. Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Client > Allow CredSSP Authentication (Enable)
    image
  2. Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) >  WinRM Service > Allow CredSSP Authentication (Enable)
    image
  3. Computer Configuration > Administrative Templates  > System > Credential Delegation > Allow delegation of fresh credentials (add wsman/*<.FQDN of your domain>)
    image
  4. If in your environment are computers in an other, not trusted, AD domain to which you want connect using explicit credential and CredSSP you have to enabled also the following GPO setting.
    Computer Configuration > Administrative Templates  > System > Credential Delegation > Allow delegation of fresh credentials with NTLM-only server authentication (add wsman/*<.FQDN of your other domain>)
    image

Now you are ready to use CredSSP within your PowerShell remote sessions.

And a final word of warning! 😉
When you are using CredSSP your credentials were transferred to the remote system and your account is then a potential target for a pass-to-hash attack. Or with other words an attacker can steal your credentials. So only use CreddSSP with your PowerShell Remote session if you really have a need for it!

Webinar “Azure Automation and PowerShell DSC” (German)

10 Oct

Tomorrow, on Tuesday October 11 2016 at 2pm (CEST) I will do a webinar in German about Azure Automation and PowerShell DSC . I will explain the basic concepts of Azure Automation, Automation Runbook and PowerShell DSC.

A main part of the webinar will be a example scenario to automatically deploy and configure a VM using Azure Automation Runbooks and Azure Automation DSC. I will configure the whole scenario live during the webinar.

image

When you interested in the scripts, which I am using to configure the scenario, you can get it here.

If you like to attend the webinar  you can still register here for free.