Set-Location from remote session

This topic contains 1 reply, has 2 voices, and was last updated by Profile photo of Hermann Hermann 5 months, 1 week ago.

  • Author
    Posts
  • #60082
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    I am writing a script that is going to modify / change NTFS permissions from the domain controller w2k8-dc2 modifying the file server ntfs permissions. I am working / testing the script from a remote session to the domain controller w2k8-dc2 from my local computer.

    However, I am trying to Set-Location to the remote server server from the domain controller (w2k8-dc2) and I can't set the location from within my remote session, but I can do it from the local desktop of the Domain Controller (w2k8-dc2) which doesn't make sense since I am authenticated to the server with the same domain admin credentials.

    From the Desktop of Server (w2k8-dc2) logged in as a domain admin:

    PS C:\Users\administrator.TECHPRO> set-location \\cfs02\Users$
    
    PS Microsoft.PowerShell.Core\FileSystem::\\cfs02\Users$> 

    Remote session to the same server and and authenticated with same domain admin credentials:

    [Localhost]Enter-PSSession -ComputerName w2k8-dc2 -Credential $credential
    
    [w2k8-dc2]: PS C:\Users\administrator.TECHPRO\Documents> Set-Location \\cfs02\Users$
    Set-Location : Access is denied
        + CategoryInfo          : PermissionDenied: (\\cfs02\Users$:String) [Set-Location], UnauthorizedAcces
    sException
        + FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.PowerShell.Commands.SetLocation
    Command
     
    Set-Location : Cannot find path '\\cfs02\Users$' because it does not exist.
        + CategoryInfo          : ObjectNotFound: (\\cfs02\Users$:String) [Set-Location], ItemNotFoundExcepti
    on
        + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.SetLocationCommand
  • #60084
    Profile photo of Hermann
    Hermann
    Participant

    It seems to me that this is a problem called Second Hop. Read more here (page 48-51):
    https://www.gitbook.com/book/devopscollective/secrets-of-powershell-remoting/details

    The use of CredSSP is considered NOT SAFE.

You must be logged in to reply to this topic.