Contact Info

Crumbtrail

ActiveXperts.com » Administration » Powershell » Powershell 2.0 » Enable-WSManCredSSP

Enable-WSManCredSSP - Powershell 2.0 CmdLet

Microsoft Windows PowerShell is a command-line shell and scripting tool based on the Microsoft .NET Framework. It is designed for system administrators, engineers and developers to control and automate the administration of Windows and applications.

More than hundred command-line tools (so called "cmdlets") can be used to perform system administration tasks and Windows Management Instrumentation (WMI). These cmdlets are easy to use, with standard naming conventions and common parameters, and standard tools for piping, sorting, filtering, and formatting data and objects.

Enable-WSManCredSSP


Short description
Enables Credential Security Service Provider (CredSSP) authentication on a client computer.

Syntax
Enable-WSManCredSSP [-Role] <string> [[-DelegateComputer] <string>] [<CommonParameters>]

Description
The Enable-WSManCredSPP cmdlet enables CredSSP authentication on a client or on a server computer. When CredSSP aut
    hentication is used, the user's credentials are passed to a remote computer to be authenticated. This type of authe
    ntication is designed for commands that create a remote session from within another remote session. For example, yo
    u use this type of authentication if you want to run a background job on a remote computer. 
    
    This cmdlet is used to enable CredSSP on the client by specifying Client in the Role parameter. The cmdlet then per
    forms the following:
    
        - Enables CredSSP on the client. The WS-Management setting <localhost|computername>\Client\Auth\CredSSP is set 
    to true.
        - Sets the Windows CredSSP policy AllowFreshCredentials to WSMan/Delegate on the client. 
        - Note: These settings allow the client to delegate explicit credentials to a server when server authentication
     is achieved.
    
    This cmdlet is used to enable CredSSP on the server by specifying Server in the Role parameter. The cmdlet then per
    forms the following:
    
       - Enables CredSSP on the server. The WS-Management setting <localhost|computername>\Service\Auth\CredSSP is set 
    to true. 
       - Note: This policy setting allows the server to act as a delegate for clients.  
    
    Caution: CredSSP authentication delegates the user's credentials from the local computer to a remote computer. This
     practice increases the security risk of the remote operation. If the remote computer is compromised, when credenti
    als are passed to it, the credentials can be used to control the network session. 
    
    To disable CredSSP authentication, use the Disable-WSManCredSSP cmdlet.