Enable Credential Security Service Provider (CredSSP) authentication on a client computer.
Syntax
Enable-WSManCredSSP [-Role] string
[[-DelegateComputer] string] [CommonParameters]
Key
-Role { Client | Server }
Whether CredSSP should be enabled as a client or as a server.
If CredSSP is enabled on the client, the WS-Management setting:
<localhost|computername>\Client\Auth\CredSSP is set to True.
Also removes any WSMan/* setting from the CredSSP policy AllowFreshCredentials on the client.
If CredSSP is enabled on the server, the WS-Management setting:
<localhost|computername>\Service\Auth\CredSSP is set to True.
-DelegateComputer string
Allow the client credentials to be delegated to the server(s) specified.
The value of string should be a fully qualified domain name.
If -Role specifies a Client, then -DelegateComputer is mandatory.
If -Role specifies a Server, then -DelegateComputer is not allowed.
CommonParameters:
-Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
-OutBuffer -OutVariable.
When CredSSP authentication is used, the user's credentials are passed to a remote computer to be authenticated. This type of authentication is designed for commands that create a remote session from within another remote session. For example, running a background job on a remote computer.
Examples
Allow the client credentials to be delegated to the server02 computer:
PS C:> enable-wsmancredssp -role client -delegatecomputer server02.ss64.com
Allow the client credentials to be delegated to all the computers in the SS64.com domain:
PS C:> enable-wsmancredssp -role client -delegatecomputer *.ss64.com
Allow a computer to act as a delegate for another:
PS C:> enable-wsmancredssp -role server
“A foolish man proclaimeth his qualifications; a wise man keepeth them secret within himself” ~ Saskya Pandita
Related PowerShell Cmdlets:
Connect-WSMan - Connect to the WinRM service on a remote computer.
Disable-WSManCredSSP - Disable Credential Security Service Provider authentication.