我想从笔记本电脑上使用Powershell管理公司计算机。
所以我假设我的笔记本电脑是服务器,其余的是客户端。
所以我把我的电脑变成了一台服务器(我发起所有远程连接的电脑)
Enable-WSManCredSSP -Role Server
+我在GPO中输入wsman / *(在启动遥控器的机器上需要)
然后我将其余的计算机客户端作为休耕:
Enable-WSManCredSSP -Role Client -DelegateComputer *
如果一切按照我的说法进行,我可以从服务器连接到客户端,但是我收到错误。 但是,如果我尝试相反的方法,从客户端到服务器它完美地工作(当然我在GPO中设置了wsman / *)。
有人可以解释服务器/客户端角色如何工作吗?。
P.S。 尝试从服务器>连接时出现的错误客户是下午:
Enter-PSSession : Connecting to remote server failed with the following error message : The WinRM client cannot process
the request. CredSSP authentication is currently disabled in the client configuration. Change the client configuration
and try the request again. CredSSP authentication must also be enabled in the server configuration. Also, Group Policy
must be edited to allow credential delegation to the target computer. Use gpedit.msc and look at the following policy:
Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow Delegating Fresh Crede
ntials. Verify that it is enabled and configured with an SPN appropriate for the target computer. For example, for a t
arget computer name "myserver.domain.com", the SPN can be one of the following: WSMAN/myserver.domain.com or WSMAN/*.do
main.com For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:16
+ Enter-PSSession <<<< -ComputerName 192.168.30.122 -Credential IT -Authentication CredSSP
+ CategoryInfo : InvalidArgument: (192.168.30.122:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
答案 0 :(得分:1)
您是否设置了允许委派Fresh Credentials的政策?
Computer Configuration -> Administrative Templates -> System ->
Credentials Delegation -> Allow Delegating Fresh Credentials.
您的Enter-PSSession调用是什么?
PS> $cred = Get-Credential
PS> Enter-PSSession 192.168.30.122 -Authentication CredSSP -Credential $cred
[xxxx.yyyy.local]: PS C:\Users\zzzz\Documents>