CredSSP without retyping username/password

This topic contains 1 reply, has 2 voices, and was last updated by Profile photo of Don Jones Don Jones 3 years ago.

  • Author
    Posts
  • #14487
    Profile photo of GS
    GS
    Participant

    Is it a limitation of credSSP which requires users to reenter username/passwords second time? Is there a way around it.
    I'm trying to make module with bunch of common tasks which will be delegated to helpdesk personell to perform (reset application pools on remote IIS systems for example). I want them to open WinRM session to central station and from there execute all those cmdlets. Problem is that now they not only need to enter their credentials second time but also they need to put a bunch of additional parameters in all my cmdlets to allow credSSP.
    What is most elegant way to accomplish what I'm looking for if I want to utilize central server they run my cmdlets from?

    Thanks,
    G

  • #14488
    Profile photo of Don Jones
    Don Jones
    Keymaster

    It isn't a limitation so much as a precaution. You're not meant to have an easy time putting passwords in clear text :).

    Read through some of the articles listed at https://powershell.org/?s=credential, and you'll see how others have dealt with the problem.

    What you really want to do is set up a remoting endpoint that (a) lets users connect by using their own identity, which can be passed along automatically, and (b) run the commands in the session under a permanently saved alternate credential. If you look at "Secrets of PowerShell Remoting" (under Free eBooks in our Resources menu), there's a chapter on doing what you're after.

You must be logged in to reply to this topic.