Remote Session from non-Domain Computer

This topic contains 5 replies, has 3 voices, and was last updated by  David Montanaro 3 years, 4 months ago.

  • #14189

    David Montanaro
    Participant

    I have PowerShell up and running on all clients and the server in an SBS2008 environment.

    Establishing remote sessions to the clients, server, etc. works just fine. My question is: can I establish a remote PowerShell session to one of the clients or the server from a computer running PowerShell that is not part of the domain? I have domain credentials.

    Thanks

  • #14190

    Dave Wyatt
    Moderator

    You can, but you either need to be using an HTTPS listener, or you need to configure the TrustedHosts list on your client.

  • #14191

    Don Jones
    Keymaster

    The options are well-covered in "Secrets of PowerShell Remoting." https://powershell.org/ebooks.

  • #14192

    David Montanaro
    Participant

    Thanks for the quick replies. I will check out the references.

    Just to make sure I have the nomenclature correct when you say client – that is the machine you would be remoting "To". And that is the one where either HTTP listener or trustedhosts would need to be configured.

    In the trusted hosts you would include the name/IP of the non-domain machine that you are trying to initiate a connection from.

    Thanks,
    David

  • #14193

    Dave Wyatt
    Moderator

    Nope, other way around. Client is the computer you're connecting "from", and that's the one where you'd configure TrustedHosts, if that's the option you decide to take. If you go with HTTPS, you set that up on the computer(s) you're remoting to (which you'd generally call the "server", even if it's a client operating system.)

    In both cases, what you're doing is making the client feel happy about connecting to a computer that can't use Kerberos authentication. If you use HTTPS, the client is still able to authenticate the server before sending any usernames / passwords, and if you use the TrustedHosts list, you're telling the client that it can proceed without authenticating a particular server.
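
Added example, not part of the thread or of anyone's reply: the two options described above, side by side. The server name, the certificate lookup and the helper name `Add-TrustedHost` are assumptions for illustration.

```powershell
# Added example; names below are placeholders, not values from the thread.
$server = 'server01.example.local'   # hypothetical machine being remoted TO
$cred   = Get-Credential             # domain credentials, e.g. DOMAIN\user

# --- Option 1: TrustedHosts, configured on the non-domain CLIENT (elevated) ---
# Append only the specific server. A '*' entry would let the client skip
# server authentication for every host it ever connects to.
function Add-TrustedHost {
    param([Parameter(Mandatory=$true)][string]$Name)
    if ($Name -match '\*') { throw "Refusing wildcard TrustedHosts entry: $Name" }
    $current = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    $entries = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries -contains $Name) { return }   # already listed, nothing to do
    # -Concatenate appends instead of overwriting the existing list
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value $Name -Concatenate -Force
}
Add-TrustedHost -Name $server
$s1 = New-PSSession -ComputerName $server -Credential $cred

# --- Option 2: HTTPS listener, configured on the SERVER (run there, elevated) ---
# Needs a server-authentication certificate whose subject matches the name
# clients connect with, issued by a CA the client trusts.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$server*" } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate found for $server in LocalMachine\My" }
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -CertificateThumbPrint $cert.Thumbprint -Force
# Inbound TCP 5986 must also be allowed through the server's firewall.

# Back on the client: no TrustedHosts entry is needed, because the
# certificate authenticates the server before credentials are sent.
$s2 = New-PSSession -ComputerName $server -Credential $cred -UseSSL
```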

  • #14194

    David Montanaro
    Participant

    Thanks! That was helpful. I am also assuming that I can use GP to set up the listener.

    Practically that would be the easier route, otherwise I need to update the trusted hosts list every time a new computer was added to the domain.

    In the scenario where I would be using this, I would be connecting the client to the LAN where the servers would be located via a VPN. The servers would not be reachable via a public WAN.
