What security setting is preventing Remote PowerShell 2.0 from accessing UNC paths

生来就可爱ヽ(ⅴ<●) submitted on 2019-12-17 10:34:44

Question


This is just crazy. I am starting on PowerShell, and of course I need to do admin work remotely.

A simple

dir \\server\share\folder

Just refuses to work, I get this error

Get-ChildItem : Cannot find path '\\server\share\folder' because it does not exist.
    + CategoryInfo          : ObjectNotFound: (\\server\share\folder:String) [Get-ChildItem], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

To me it is pretty obvious it is an access rights issue. And we do have a domain here at the company. I am logged in to the server, with the exact same user account, on VNC and I can see the UNC path. But whenever I try to just copy a file from my desktop with the remote connection, it just won't work!!!!

I can do many other things so I am positive I am connected.


Answer 1:


To get this to work, you must configure both your local and remote computers.

On the remote server, run the following command:

 Enable-WSManCredSSP -Role server

You'll know things are configured correctly if you run the Get-WSManCredSSP cmdlet and get the following output:

The machine is not configured to allow delegating fresh credentials. This computer is configured to receive credentials from a remote client computer.

On your local computer, from an Administrative PowerShell prompt, you need to allow credential delegation in PowerShell. Run the following command:

 Enable-WSManCredSSP -Role Client -DelegateComputer <REMOTE_COMPUTER_NAME>

You can enable all servers by using * for REMOTE_COMPUTER_NAME.

You'll know this is configured correctly when you run Get-WSManCredSSP and get the following output:

The machine is configured to allow delegating fresh credentials to the following target(s): wsman/REMOTE_SERVER_NAME
This computer is not configured to receive credentials from a remote client computer.

On your local machine, update Group Policy to allow your credentials to be delegated to the remote server.

  1. Open gpedit.msc and browse to Computer Configuration > Administrative Templates > System > Credentials Delegation.
  2. Double-click "Allow delegating fresh credentials with NTLM-only Server Authentication".
  3. Enable the setting and add the build server to the server list as WSMAN/BuildServerName. (You can enable all servers by entering WSMAN/*.)

Then, when you need to run your command on the remote server, you can't use any of the *-PSSession commands because CredSSP can't use cached credentials. You have to start the session using Invoke-Command, and use CredSSP as the value to the Authentication parameter, like so:

Invoke-Command -ScriptBlock {
                   # remote commands here
               } `
               -ComputerName <REMOTE_COMPUTER_NAME> `
               -Authentication CredSSP `
               -Credential <USERNAME>
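
An added example, not part of the answer above: a PowerShell check that lists the CredSSP delegation targets configured on the client and flags entries broader than a single host, such as the * and WSMAN/* forms the answer mentions. The function names, the .corp.example domain and the sample entries are constructed for illustration; the code assumes the delegation lists are stored under the CredentialsDelegation policy key named in its first line.

```powershell
# Added example. Registry location of the Credentials Delegation policy lists (assumption).
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'

function Get-CredSspTargetScope {
    # Classify one delegation entry such as 'wsman/REMOTE_SERVER_NAME' or 'WSMAN/*'.
    param([string]$Target)
    $service, $hostPart = $Target -split '/', 2
    if (-not $hostPart)          { return 'Malformed' }   # not in "service/host" form
    if ($hostPart -eq '*')       { return 'AnyHost' }     # e.g. wsman/*
    if ($hostPart -like '*[*]*') { return 'Wildcard' }    # e.g. wsman/*.corp.example
    return 'SingleHost'
}

function Get-CredSspDelegationTarget {
    # Read every entry from the two lists (fresh credentials, and the NTLM-only variant).
    param([string]$Root = $PolicyRoot)
    foreach ($list in 'AllowFreshCredentials', 'AllowFreshCredentialsWhenNTLMOnly') {
        $path = Join-Path $Root $list
        if (-not (Test-Path $path)) { continue }          # this list is not configured
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            $target = [string]$key.GetValue($name)
            New-Object PSObject -Property @{
                Policy = $list
                Target = $target
                Scope  = Get-CredSspTargetScope $target
            }
        }
    }
}

# Constructed sample entries (placeholders, not from a real machine).
$sample = 'wsman/REMOTE_SERVER_NAME', 'wsman/*', 'WSMAN/*.corp.example'
$sample | ForEach-Object {
    New-Object PSObject -Property @{ Target = $_; Scope = Get-CredSspTargetScope $_ }
} | Select-Object Target, Scope

# On the client itself: show every configured entry that is broader than one host.
Get-CredSspDelegationTarget |
    Where-Object { $_.Scope -ne 'SingleHost' } |
    Select-Object Policy, Target, Scope
```

Run it from an elevated prompt on the client after the configuration steps; an empty result from the last pipeline means every configured target names a single host.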



Answer 2:


PowerShell also uses Internet Explorer security settings when running remote scripts.

I have found that, for whatever machine you are trying to have run a remote script, if I add the UNC path of the remote machine to my trusted intranet sites, I can run scripts then (assuming my execution policy in posh is set to remotesigned...."set-executionpolicy remotesigned").

I do a ton of administration for multiple servers with and without SQL, and I've never done anything with Enable-WSManCredSSP.



Source: https://stackoverflow.com/questions/8362057/what-security-setting-is-preventing-remote-powershell-2-0-from-accessing-unc-pat
