Get-Service -ComputerName in PSSession (require other privileges)


I can successfully create a remote session using Enter-PSSession to a server SRV_A from a computer MyComputer. Inside this session if I execute the cmdlet Get-Service -ComputerName ComputerB, I get the error “Cannot open Service Control Manager on computer ‘ComputerB’. This operation might require other privileges.”. But when I do the cmdlet “Get-Service -ComputerName ComputerB” from a Powershell session directly on SRV_A, it runs correctly. Of course I use the same user to create the remote session (cmdlet Enter-PSSession) than when I log directly on SRV_A. All machines have Powershell 4.0 installed and SRV_A and ComputerB are in the same domain.

What is wrong? Can we not use a “Get-Service -ComputerName xxx” inside a Remote Powershell Session? Do we get not exactly the same right from a Remote Powershell Session than a “normal” Powershell Session with the same user?

Thank you for any help

You’re running into the “double hop” problem, as described in “Secrets of PowerShell Remoting.”

Your credential delegates when you remote to SRV_A. However, once there, your credential cannot (by default) be delegated further. So SRV_A cannot access non-local resources.

The ebook Secrets of PowerShell Remoting describes this in more detail and offers solutions, which usually requires enabling additional authentication mechanisms and setting up multiple-hop delegation.


Thank you for your prompt answer. I tried the following, but still get the same error.

Set-Item WSMAN:\localhost\client\auth\credssp –value $true
Set-Item WSMAN:\localhost\service\auth\credssp –value $true
Enable-WSManCredSSP –Role Server

On MyComputer:
Set-Item WSMAN:\localhost\client\auth\credssp –value $true
Enable-WSManCredSSP –Role Client –Delegate SRV_A

As I’m not an expert in authentication mechanism, I’m a bit lost… What did I miss?

Likely the cmdlet isn’t enabled for CredSSP. Try using it in Invoke-Command.