Enabling CredSSP Trust from One Side

by Oct 20, 2016

As previously shown, CredSSP can be used to remote code without double hop issues. To use CredSSP authentication, though, you need to make adjustments both on your client and on the server so that both trust each other.

That does not mean you need to physically walk up to the server, though. If you’d like to establish a CredSSP trust relationship between your computer and any server (provided PowerShell remoting is enabled on the server), here is what you do:

#requires -Version 2.0 -RunAsAdministrator  

# this is the server you want to communicate with using CredSSP
# the server needs to have PowerShell remoting enabled already
$Server = 'NameOfServer'

Enable-WSManCredSSP -Role Client -DelegateComputer $Server -Force
Invoke-Command { Enable-WSManCredSSP -Role Server } -ComputerName $Server

As you can see, Enable-WSManCredSSP can be executed remotely.

Twitter This Tip! ReTweet this Tip!