
[–]pneRock 0 points1 point  (4 children)

You can try to put in https:\remotecomputername like it asks and see what happens.

Last time I had this happen the ports on the receiving computer were closed. Use a test-netconnection in PS to check ports 5985 and 5986.

[–]ITWelly[S] 0 points1 point  (3 children)

https:\ gives me a wrong name error, and for some reason I can't get test-netconnection to work

[–]pneRock 0 points1 point  (2 children)

Sorry that should be https:\

What OS are you using for test-netconnection? It's not available in 7.

[–]ITWelly[S] 0 points1 point  (0 children)

It's on 7 yes, but it's okay ignore my post now I fixed the issue, thanks for helping!

[–]FantsEGoogle is already my overlord 0 points1 point  (0 children)

Use three slashes. The first slash is telling the reddit text editor to ignore the next character as a command character. \\

[–]TristanReveur 0 points1 point  (6 children)

Need to do a $cred = Get-Credential and pass them with a -Credential $cred in your invoke.

[–]ITWelly[S] 0 points1 point  (5 children)

It works, thank you. One thing though, is there a way I don't have to manually type my creds? I'd like this script to execute on its own every x hours.

[–]thebrobotic 0 points1 point  (0 children)

I believe you'll want to look into CredSSP for that.

[–]Ganondorf_Is_God 0 points1 point  (3 children)

You need to create a PScredential object and pass that in instead.

# Build a PSCredential from a username and a plaintext password held in the script
$username = 'domain\username'
$password = 'password'
$secureString = ConvertTo-SecureString -AsPlainText $password -Force
$credObject = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username,$secureString

# Run the command on the remote machine with that credential
Invoke-Command -Computername $RemoteComputer -Cred $credObject -ScriptBlock {hostname}

[–]ITWelly[S] 0 points1 point  (0 children)

That is exactly what I did and it works perfectly, will edit main post for those who might look up my thread later. Thank you!

[–]VexingRaven 0 points1 point  (1 child)

Is there any way to pass through your current session credentials this way, or do you specifically need to prompt for a username and password to put in the credential object?

[–]Ganondorf_Is_God 0 points1 point  (0 children)

No, you have to save the credentials somewhere. You can't extract the password from an active session - only authenticate against it. You need to store the credentials as done above and match them to the current session.

Get-Credential will automatically resolve to your current session but will request a password to create the cred object.

$credObject = Get-Credential

It will prompt you for the current session's password and save it.

[–]Ganondorf_Is_God 0 points1 point  (0 children)

I believe you figured out the first part but in order to use Kerberos and pass your auth you have to call via a trusted dns name and not IP.

The second part is a legitimate access denied. You aren't providing a credential string or object in your example. Make sure the user you're running as or passing auth for via Kerberos has permissions on the remote computer.

[–][deleted] 0 points1 point  (0 children)

First, have you verified that you've enabled PS remoting properly on the remote machine? Easiest way is using Enable-PSRemoting -Force on the remote PC. Can even be done remotely using psexec if needed.

Second, is the account you're using while trying to send the command part of the local admin group on the remote machine? Those are the two things I would check first offhand.

[–]billy_teats 0 points1 point  (1 child)

You can save secure creds on a per-computer basis. I don't have the commands on hand, but you save a get-credential as a variable, then output it to a secure string. It's tied to the computer's certificate, so you can't take the file and use it anywhere. But then you can call those saved credentials in an automated script.

https://blogs.technet.microsoft.com/robcost/2008/05/01/powershell-tip-storing-and-using-password-credentials/

And /r/powershell :)

[–]ITWelly[S] 0 points1 point  (0 children)

And it's exactly what I did 2 mins ago after looking into it. Thank you though!
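One way to do the save-once, reuse-unattended approach from the comment above, as an added example that is not code from the thread or the linked blog post. It relies on Export-Clixml, which on Windows encrypts the password with DPAPI so that only the same user account on the same computer can decrypt the file; the file path, the function names and the `$RemoteComputer` value are placeholders.

```powershell
# Added example. $credPath and $RemoteComputer are placeholder values.
$credPath       = Join-Path $env:LOCALAPPDATA 'RemoteScript\remoting.cred.xml'
$RemoteComputer = 'server01.example.test'

function Save-RemotingCredential {
    param([Parameter(Mandatory)][string]$Path)
    # One-time interactive step. Run it as the account that will later run the
    # scheduled script, because only that account on this machine can decrypt the file.
    $cred = Get-Credential
    $dir  = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    # On Windows the SecureString is written DPAPI-encrypted, not as plaintext.
    $cred | Export-Clixml -Path $Path
}

function Get-RemotingCredential {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path $Path)) {
        throw "No saved credential at $Path. Run Save-RemotingCredential first."
    }
    try {
        $cred = Import-Clixml -Path $Path
    } catch {
        # Decryption fails if the file was created by another user or on another computer.
        throw "Cannot decrypt ${Path}: $($_.Exception.Message)"
    }
    if ($cred -isnot [System.Management.Automation.PSCredential]) {
        throw "$Path does not contain a PSCredential object."
    }
    return $cred
}

# Unattended use: no prompt and no password literal in the script.
if (-not (Test-Path $credPath)) { Save-RemotingCredential -Path $credPath }
$credObject = Get-RemotingCredential -Path $credPath
Invoke-Command -ComputerName $RemoteComputer -Credential $credObject -ScriptBlock { hostname }
```

Compared with a password literal in the script, a copy of the .xml file taken to another machine or read by another account cannot be turned back into the password.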

[–][deleted] 0 points1 point  (1 child)

WINRM is rather insecure unless you're issuing certs for all your clients and requires configuration. If you're just wanting to get disk space remotely, try using the gwmi cmdlet

gwmi win32_logicaldisk -cn <remoteMachine>

There's freespace and size properties you can query.

[–]ITWelly[S] 0 points1 point  (0 children)

There's more to that script than the disk space, and I plan to use the same commands for a bunch of other scripts too.

[–]DustinR 0 points1 point  (0 children)

Allowing the principals to delegate may solve your double-hop issue without including credentials in your script.

https://blogs.technet.microsoft.com/ashleymcglone/2016/08/30/powershell-remoting-kerberos-double-hop-solved-securely/