Get-ChildItem Returns No Files Through Remoting but Works Correctly When Logged In Interactively on Remote System

0

I have just started working with the remoting features of PowerShell 3.0. My current problem is that I can log in to remote machine "secondmachine" and execute the command

gci "\\thirdmachine\share"

And this works properly. However, logged in to "firstmachine", when I execute the command

invoke-command -ComputerName secondmachine -Credential "mydomain\myusername" -ScriptBlock {gci "\\thirdmachine\share"}

This command prompts for the password, executes, but no files are returned. Also, no errors are returned, either.

Note that this is a cut-down example from a larger script, and the initial symptom was that after $var = gci "\\thirdmachine\share", $var.Length was zero.

If I had admin access to "thirdmachine", then I would look at the audits in the security event log to see what happened, but I don't have that access. How can I troubleshoot this problem? Is there a way for me to see which credentials are being used when the command actually executes on "secondmachine"?

John Saunders

Posted 2014-04-11T23:49:27.267

Reputation: 486

Answers

1

What you are doing is basically second-hopping (security delegation) to thirdmachine.

By default this feature is disabled for security reasons but can be enabled on the end point machines using the command

Enable-WSManCredSSP –Role client –DelegateComputer *
Enable-WSManCredSSP –Role server

A more technical explaination can be found here: http://technet.microsoft.com/en-us/magazine/jj853299.aspx

MFT

Posted 2014-04-11T23:49:27.267

Reputation: 542

Thanks, this takes me in the right direction, and I may accept it as the answer. But I don't have an end to end solution yet, so I'll hold off the acceptance for now. – John Saunders – 2014-04-14T16:50:45.610

Asked: 2014-04-11T23:49:27.267

Viewed: 531 times

Active: 2014-04-13T07:53:35.130