I'm trying to have constrained endpoint which will run with credentials from different domain (no trust between domain where computer is and what endpoint shall be running under. Is it possible? Trying to register this endpoing ends up in error
Error Message = The verification of the runAs user credentials failed with the error 1326.
Fully Qualified Error ID = System.InvalidOperationException,Microsoft.PowerShell.Commands.SetItemCommand
Severity = Warning
Host Name = ConsoleHost
Host Version = 4.0
Host ID = e0fc0707-f4e5-4563-acc3-8f89c6947a94
Engine Version = 4.0
Runspace ID = 4bffa899-03c7-4641-bf6f-68bcf0b3c6de
Pipeline ID = 51
Command Name = Set-Item
Command Type = Cmdlet
Script Name =
Command Path =
Sequence Number = 2050
User = PROD\gs
Shell ID = Microsoft.PowerShell
They can resolve the credential, question is wether you can run endpoint under credentials in different domain. Say I can use those credentials to access file shares from this box but I can not use them to run endpoint as.
A file share isn't the ideal test of that; the endpoint RunAs credential needs certain rights, like the right to create process objects and tokens. That's different from being able to just access a file share. It's more like being able to log on interactively, although not exactly the same. You probably won't be able to use a RunAs credential from an un trusted domain.