I have the following code:
Invoke-Command -ComputerName (Get-ADDomainController -filter * | select -ExpandProperty name) -ScriptBlock {
move-item 'E:\Maintenance\*.evt' "\\LogServer\SecurityLogs$\$env:computername" -force
}
When it runs it fails with:
‘The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you’
What can I do to make this work please?
Thanks
David Z
Well, couple things you might need to try.
First, you’re likely running into the “second hop” problem by attempting to have the remote machines contact \LogServer. See “Secrets of PowerShell Remoting” for a description of the double-hop stuff.
Second, you can test that by trying to run:
Invoke-Command -ComputerName (Get-ADDomainController -filter * | select -ExpandProperty name) -ScriptBlock { Write-Output $env:COMPUTERNAME }
Just to test that it’s not the first hop causing a problem.
Thanks - I ran your script and it works fine - the computer names are displayed. I thought it might be a CredSSP issue but this script worked before xmas and now doesn’t work. The only thing that has changed is that the DCs have been restarted. The DCs are all w2k3 with POSH V2 btw (don’t ask!).
Is there any other way to test if it is indeed a double hop issue?
It almost certainly is. Try moving the files to some other local path. If that works, it’s the double-hop.
Well I could put a script on all the domain controllers but that’s yuck as I’m trying to replace vbscripts on all DCs that are currently doing the job. Just when I thought WinRM is my friend I see that she has some life issues 
btw - Your chapter "Accessing Remote Computers’ has a section called "The Second hop’. In the first paragraph it refers to Figure 2.25. Is this supposed to be 2.34?