I am troubleshooting what I think is a Kerberos double-hop permissions issue. Here’s the setup:
Server1 = Windows Server 2008 R2
Client1 = Windows 7
The account context in use is the same account on both systems and this account is in the local Administrators group.
On Server1 I have created a symbolic link to a folder on Client1 as follows:
MKLink /D c:\workspace \Client1\c$\workspace
On Client1 I attempt a remote access to Server1 and, via the symbolic link back to the target folder as follows:
This last command returns:
“Access to the path c:\workspace is denied.
Note that there is no issue executing Get-ChildItem on the target remotely linked folder while logged directly onto Server1.
I have attempted to resolve the issue with Enable-WSManCredSSP on Client1 as the “Client” Role and on Server1 as the “Server” Role but to no avail.
I have not as yet requested that the Active Directory record for Server1 be granted rights to delegate. Will try that next but if anyone has any suggestions other than that please let me know.