I'm currently trying to figure out the best way to set up a PowerShell jump server for a server environment.
My idea is to use PowerShell Web Access.
Now my question is how best to circumvent the second-hop problem.
As far as I understand, if I use PSWA to connect to the jump server (let's call it Server A), which is also hosting PSWA, I'm using PSRemoting.
Now if I want to connect to another server (Server B) for fan-out scripts etc., I need to get my credentials to Server B.
Do I understand it right that I need to enable the client side of CredSSP on the jump server (Server A) and the server side on Server B, because I'm providing my credentials to log in to Server A with the PSWA login?
Would Kerberos delegation be a better way to circumvent the second-hop problem? As I understand it, I can give Server A the right to "impersonate" me and use my credentials natively to connect to Server B.
How are you configuring your Jump Servers?
Are you using PSWA, direct PSRemoting to the jump server, or RDP into the jump server?
Thanks for any suggestions
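
The two options raised in the question, side by side, as an added example that is not part of the original post: CredSSP between Server A and Server B, and resource-based Kerberos constrained delegation that lets Server A act for the user against Server B only. The host names and the `corp.example` domain are placeholders, and the sketch assumes the ActiveDirectory module is available and that the first hop to Server A is authenticated with Kerberos.

```powershell
# Placeholders (assumptions, not from the post): host names and domain.
$JumpHost   = 'serverA'                  # Server A, the jump server hosting PSWA
$Target     = 'serverB'                  # Server B, the second hop
$TargetFqdn = 'serverB.corp.example'

# --- Option 1: CredSSP, as described in the question ---
# On Server A: allow delegation of fresh credentials to Server B only,
# never to a wildcard such as *.corp.example.
Enable-WSManCredSSP -Role Client -DelegateComputer $TargetFqdn -Force
# On Server B: accept delegated credentials.
Enable-WSManCredSSP -Role Server -Force
# From the session on Server A. CredSSP needs explicit credentials, and the
# full credential is handed to Server B, so a compromised Server B can reuse it.
$cred = Get-Credential
Invoke-Command -ComputerName $TargetFqdn -Authentication Credssp `
    -Credential $cred -ScriptBlock { hostname }

# --- Option 2: resource-based Kerberos constrained delegation ---
# Run once by an account allowed to modify Server B's computer object.
# Server B declares which computer accounts may delegate to it.
Import-Module ActiveDirectory
$jumpAccount = Get-ADComputer -Identity $JumpHost
Set-ADComputer -Identity $Target -PrincipalsAllowedToDelegateToAccount $jumpAccount

# Check what is configured before relying on it.
Get-ADComputer -Identity $Target -Properties PrincipalsAllowedToDelegateToAccount |
    Select-Object -ExpandProperty PrincipalsAllowedToDelegateToAccount

# From the session on Server A: no credentials are re-entered or stored there.
# Accounts flagged "sensitive and cannot be delegated" or in Protected Users
# are not delegated and will fail at this hop.
Invoke-Command -ComputerName $TargetFqdn -ScriptBlock { hostname }

# To remove the delegation again:
# Set-ADComputer -Identity $Target -PrincipalsAllowedToDelegateToAccount $null
```

With option 2 the trust is scoped on Server B's own computer object, so each additional target server has to list Server A explicitly.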