Cross-Forest Remoting

by smcreamer at 2013-04-19 13:00:08

At my location we have two forests. My account is in Forest A and much of the time I am working domains, servers, users etc in Forest A. I needed to stop a service on server in Forest B. I have an admin server in Forest B with Posh 3.0 , remoting enabled and CredSSP enabled. I can easily remote into the admin server by creating a new PSSession with the credentials for Forest B. When I run:

get- service servicex -computername anotherserver

get-service : Cannot open Service Control Manager on computer ‘anotherserver’. This operation might require other privileges.

What do I need to do to get or stop a service on anotherserver while remoted into the admin server?

by DonJ at 2013-04-19 13:04:49
That gets tricky.

Let’s start conceptually, in a single forest. You have to have run “Enable-WSManCredSSP -role client” on your client, and specified the next server in the hop as a delegate. Then this would work. All thing being equal, between trusting forests, the situation should be similar.

What you didn’t tell me is the security situation between the two forests. Is there a trust?

Also, HOW are you remoting into the Admin Server? What’s the exact command you’re running to create that PSSession?