我是powershell的新手,我在使用凭据委派时遇到了困难。我有以下脚本:
$session = New-PSSession myserver -Authentication CredSSP -Credential DOMAIN\Administrator
Invoke-Command -Session $session -ScriptBlock { <Some PowerShell Command> }
在运行之前,我做了以下操作:
- 在我的服务器上运行
Enable-PSRemoting
。 - 在我的服务器上运行
Enable-WSManCredSSP Server
。 - 在我的服务器上运行
Restart-Service WinRM
。 - 在客户端上运行
Enable-WSManCredSSP Client –DelegateComputer myserver
。 - 重新启动了服务器和客户端。
但是一旦运行脚本,我就会收到以下错误信息:
[myserver] Connecting to remote server failed with the following error message : The WinRM client cannot process the request. A computer policy does not allow the delegation of
the user credentials to the target computer. Use gpedit.msc and look at the following policy: Computer Configuration -> Administrative Templates -> System -> Credentials Delega
tion -> Allow Delegating Fresh Credentials. Verify that it is enabled and configured with an SPN appropriate for the target computer. For example, for a target computer name "m
yserver.domain.com", the SPN can be one of the following: WSMAN/myserver.domain.com or WSMAN/*.domain.com. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionOpenFailed
我已经按照错误信息中提到的政策进行了检查,但一切似乎都没问题。还有什么可能会阻止我吗?
Enable-PSRemoting
? - BlackHatSamurai