I am trying to understand how PowerShell scripts authenticate with a remote PC. I am not talking about PowerShell remoting, but with cmdlets, etc. A colleague is suggesting I use psexec with the SYSTEM switch so that the Kerberos token is sent to the remote PC, but not the ID or password. I initially thought PowerShell was doing the same as long as I wasn’t specifying my username/password in the script itself (get-credential, etc).
Example of PowerShell script that runs on remote PC:
$Computer = 'COMPUTER1'
Try {
    $filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$Computer))"
    $ComputerObject = ([adsisearcher]$filter).FindOne()
    $CertStore = New-Object System.Security.Cryptography.X509Certificates.X509Store "\\$Computer\My", "LocalMachine" -ErrorAction Stop
    $CertStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    If ($CertStore.Certificates) {
        Foreach ($Cert in $CertStore.Certificates) {
            ### PERFORM ACTION WITH EACH CERT... ###
        }
    }
}
Catch {
    ### CATCH ERRORS ###
}
Is the above not secure? Any suggestions, etc. would be greatly appreciated. I’d prefer to use PowerShell as it was designed instead of having to use psexec. Psexec will not be efficient when running runspaces, jobs, etc. with 10+ scripts running at once. Is there a way to have PowerShell use the local system account if this IS an issue?