Understanding the Double-Hop Problem in Remoting

by Oct 18, 2016

Whenever you execute PowerShell code remotely with Invoke-Command, your credentials are locked to the machine you initially contacted.

PowerShell remoting by default will never take your credentials and use them to log on to other systems. That sounds like a good idea, but it also limits your code severely in some scenarios.

Here is a typical case that would fail:

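# Script block that will run on the remote machine (first hop)
$code = 
{
  # Second hop: server1 has to authenticate to the file server fls01 on your behalf
  Get-ChildItem -Path '\\fls01\#TRAIN1\PowerShell\Class'
}

# Runs on server1; the UNC access inside $code is what fails
Invoke-Command -ScriptBlock $code -ComputerName server1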

The code executing remotely tries to access a file share. Even if you have permissions to access it, the remote code cannot use your identity to authenticate with the third party (the file server in this case).
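The following is an added example, not part of the original tip: it runs the same share access twice on server1, once with the implicit remoting identity and once with a credential passed explicitly into the script block, and returns both outcomes as objects so the double-hop failure is visible side by side. It assumes PowerShell 3.0 or later (for `$using:`), that remoting to server1 works, and that you enter an account with read access to the share; the drive name `DoubleHop` and the result property names are made up for this illustration.

```powershell
# server1 and the UNC path come from the tip above; everything else is illustrative.
$computer = 'server1'
$share    = '\\fls01\#TRAIN1\PowerShell\Class'

# Attempt 1: rely on the identity of the remoting session (the double hop).
$implicit = Invoke-Command -ComputerName $computer -ScriptBlock {
    try {
        $items = Get-ChildItem -Path $using:share -ErrorAction Stop
        [pscustomobject]@{ Attempt = 'Implicit identity'; Success = $true
                           Detail  = "$(@($items).Count) item(s) listed" }
    }
    catch {
        # Expected branch: server1 has no credential it can present to fls01.
        [pscustomobject]@{ Attempt = 'Implicit identity'; Success = $false
                           Detail  = $_.Exception.Message }
    }
}

# Attempt 2: hand the remote code a credential it can present to the file server.
$cred = Get-Credential -Message "Account with read access to $share"

$explicit = Invoke-Command -ComputerName $computer -ScriptBlock {
    try {
        # Map the share inside the remote session using the supplied credential.
        $null  = New-PSDrive -Name DoubleHop -PSProvider FileSystem `
                             -Root $using:share -Credential $using:cred -ErrorAction Stop
        $items = Get-ChildItem -Path 'DoubleHop:\' -ErrorAction Stop
        [pscustomobject]@{ Attempt = 'Explicit credential'; Success = $true
                           Detail  = "$(@($items).Count) item(s) listed" }
    }
    catch {
        [pscustomobject]@{ Attempt = 'Explicit credential'; Success = $false
                           Detail  = $_.Exception.Message }
    }
    finally {
        # Do not leave the authenticated mapping behind in the remote session.
        Remove-PSDrive -Name DoubleHop -ErrorAction SilentlyContinue
    }
}

# Compare both attempts; PSComputerName shows where each one ran.
$implicit, $explicit | Select-Object PSComputerName, Attempt, Success, Detail
```

In the second attempt the credential object is sent to server1 and can be used by code running there, so use it only with machines you trust with that account.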
