March 30, 2014 at 10:54 am #14189
I have powershell up and running on all clients and the server in an SBS2008 environment.
Establishing remote sessions to the clients, server etc work just fine. My question is can I establish a remote powershell session to one of the clients or server from a computer running powershell that is not part of the domain? I have domain credentials.
March 30, 2014 at 10:57 am #14190
You can, but you either need to be using an HTTPS listener, or you need to configure the TrustedHosts list on your client.
March 30, 2014 at 11:12 am #14191
March 30, 2014 at 11:22 am #14192
Thanks for the quick replies. I will check out the references.
Just to make sure I have the nomenclature correct when you say client – that is the machine you would be remoting "To". And that is the one where either HTTP listener or trustedhosts would need to be configured.
In the trusted hosts you would include the name/ip of the non-domain machine that your are trying to initiate a connection from.
March 30, 2014 at 11:27 am #14193
Nope, other way around. Client is the computer you're connecting "from", and that's the one where you'd configure TrustedHosts, if that's the option you decide to take. If you go with HTTPS, you set that up on the computer(s) you're remoting to (which you'd generally call the "server", even if it's a client operating system.)
In both cases, what you're doing is making the client feel happy about connecting to a computer that can't use Kerberos authentication. If you use HTTPS, the client is still able to authenticate the server before sending any usernames / passwords, and if you use the TrustedHosts list, you're telling the client that it can proceed without authenticating a particular server.
March 30, 2014 at 11:33 am #14194
Thanks! That was helpful. I am also assuming that I can use GP to set up the listener.
Practically that would be the easier route, otherwise I need to update the trusted hosts list every time a new computer was added to the domain.
In the scenario where I would be using his I would be connecting the client to the lan the servers would be located via a VPN. The servers would not be reachable via a public WAN.
You must be logged in to reply to this topic.