Hello Maxwell,
I really appreciate you asking this question, I’ve learned quite a bit. I feel a bit ignorant for not identifying this sooner. This is 100% a double-hop issue. This article explains it exactly. Win32_useraccount cannot enumerate the domain user objects without either having stored credentials or credSSP. If you run the command again like this, you should see success.
$TargetServer = '1GOTVASW020-SQL'
# configure the computer you directly connect to
$null = Invoke-Command -ScriptBlock {
Enable-WSManCredSSP -Role Server -Force | Out-String
} -ComputerName $TargetServer
# establish CredSSP trust
$null = Enable-WSManCredSSP -Role Client -DelegateComputer $TargetServer -Force
$argsArray = @()
$data =Invoke-Command -ComputerName $TargetServer -ScriptBlock {
Param(
[ValidateNotNullOrEmpty()]
[string]$User
)
$result = c:\winrmconfig.ps1 -Action enable -ListenerType http -User xys@contoso.locol
Return $result
} -Credential (Get-Credential -Message "Your admin credentials") -Authentication Credssp
Hello Doug,
Good News! - It worked.
I ran this script for a remote server and it worked just fine.
However i noticed that it asks for my Credentials before running, so how do i make it run for 500 servers in a loop without asking me for the cred over and over again? Can we take Server lists in $server and Credentials in $cred and run it through loop. What is your recommendation,
Special Note: I truly appreciate your time in this matter. Not many out there take forum queries that seriously unless its Powershell.org forum and a person like you.
This is a great community
This is a still ongoing problem/discussion. How to store credentials for automated scripts. You have a few choices. If you have Azure, they’ve recently enhanced the credential handling there. Otherwise you can save credentials to a file, or a scheduled task. There are security concerns no matter which way you go. There are several articles that discuss this topic right here on powershell.org. I’ve linked a couple below. If the script is going to be ran from the same profile/computer than you can use the windows DPAPI. If you need to decrypt many places then use a custom key for encryption. Check the links below to find out more about storing your credentials.
https://powershell.org/forums/topic/credentials/
https://powershell.org/forums/topic/powershell-script-to-login-in-remote-machine/
https://powershell.org/forums/topic/passing-specific-credentials-to-remote-session/
https://powershell.org/2013/11/saving-passwords-and-preventing-other-processes-from-decrypting-them/
https://powershell.org/2014/02/revisited-powershell-and-encryption/
Hello Doug,
Thank you for all your suggestions I was able to modify the script as per my need. Now its working for multiple remote servers. It wouldnt have been possible without your help. Thank you soooo much
Good day and Stay safe
I’m glad I was able to help. Thanks for the kind words, I hope you all stay safe as well.