I am writing a script that is going to modify / change NTFS permissions from the domain controller w2k8-dc2 modifying the file server ntfs permissions. I am working / testing the script from a remote session to the domain controller w2k8-dc2 from my local computer.
However, I am trying to Set-Location to the remote server server from the domain controller (w2k8-dc2) and I can't set the location from within my remote session, but I can do it from the local desktop of the Domain Controller (w2k8-dc2) which doesn't make sense since I am authenticated to the server with the same domain admin credentials.
From the Desktop of Server (w2k8-dc2) logged in as a domain admin:
PS C:\Users\administrator.TECHPRO> set-location \\cfs02\Users$ PS Microsoft.PowerShell.Core\FileSystem::\\cfs02\Users$>
Remote session to the same server and and authenticated with same domain admin credentials:
[Localhost]Enter-PSSession -ComputerName w2k8-dc2 -Credential $credential [w2k8-dc2]: PS C:\Users\administrator.TECHPRO\Documents> Set-Location \\cfs02\Users$ Set-Location : Access is denied + CategoryInfo : PermissionDenied: (\\cfs02\Users$:String) [Set-Location], UnauthorizedAcces sException + FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.PowerShell.Commands.SetLocation Command Set-Location : Cannot find path '\\cfs02\Users$' because it does not exist. + CategoryInfo : ObjectNotFound: (\\cfs02\Users$:String) [Set-Location], ItemNotFoundExcepti on + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.SetLocationCommand
It seems to me that this is a problem called Second Hop. Read more here (page 48-51):
The use of CredSSP is considered NOT SAFE.
You must be logged in to reply to this topic.