This all but new, but a friend of mine needed to install an update on a bunch of servers yesterday, he figured out how to execute the update but did not have the time to fix the needed configuration in active directory to setup Kerberos Delegation correctly. I told him that it can be done using CredSSP. It is possible to configure CredSSP using group policy, but there are some issues regarding certain software that does not like that configuration using policy’s and therefore I use PowerShell to set this up.
What is CredSSP?
Basically it allows you to store the credentials on the remote computer to allow you to take the double hop to the next computer, think of it as connecting using RDP and in the RDP session you connect to a file share. We all do that and we don’t think of that as anything strange, but it we should since we are doing a double-hop which is one of those long lasting issues with credentials in the Windows world. You can read about this any MANY locations, one of them is here: http://blogs.technet.com/b/heyscriptingguy/archive/2012/11/14/enable-powershell-quot-second-hop-quot-functionality-with-credssp.aspx
Download it from: http://1drv.ms/1r1LAiF
The script will configure your client (the machine you are using as your remote computer, in other words, the machine you are interactively logged on to) and the it will then configure the computers that needs to be able to store your credentials so that they can be used to access files from a network share, finally it will test and verify that it works by accessing a remote file share.
Leave a Reply