Double hop access to copy files without CredSSP

windows powershell windows-xp remoting remote-access
10,202

Solution 1

I found solution which works in our environment.

It is not possible to transfer credentials through double hop without Cred-SSP, but you can run something on target machine without first hop.

The simplest way is to use psexec with -s flag (run remote process in the System account), final string was something like this:

psexec \\someHost -s robocopy "\\stagingHost\Staging" "\\someHost\C$\Staging" /MIR

Also you can start some PS script in same way, just ensure that script execution is allowed on remote machine:

psexec \\someHost -s "\\stagingHost\Staging\Script.ps1" SomeArg1 SomeArg2

Check this article, to understand how psexec works. While service on someHost

Solution 2

CredSSP is the solution to the double-hop problem.

Remove the user's desktop from the equation. Set up a proper build & deployment server/service/application on your build server and manage everything from there. RedGate has a new product that will probably help you greatly with this, Deployment Manager

Share:
10,202
Anton
Author by

Anton

Updated on June 07, 2022

Comments

  • Anton
    Anton almost 2 years

    hello,

    We have large environment with hundreds of virtual machines. During our services deployment we need to copy some files from build drop to all these machines.

    So, we have:

    • User machine, where deployment scripts executing
    • Build drop machine, where files are
    • Target machine

    Powershell is used as script language. Something like:

    $buildDrop     = "\\sourceMachine\Build"
$machineTarget = "targetMachine"

Invoke-Command -ComputerName $machineTarget -ArgumentList $buildDrop -ScriptBlock {
     Param( $buildDrop )
     Test-Path $buildDrop # Will return False
}

    This approach leads to double hop issue, which I'm not able to solve due to CredSSP feature is not supported on XP and 2k3 machines. And copy invoked on user machine leads to performance bottle neck (data travels through user machine).

    Is there any way to make build drop always visible from all target machines? May be somehow add them to trusted location or something like this?

    Thanks in advance!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to keep remote powershell command alive after session end?
PowerShell remoting doesn't work if computer name contains dot
How can I use shared functions in a remote Powershell session?
Set-NetFirewallRule alternative in Windows Server 2008
Why does my PowerShell script hang when called in PSEXEC via a batch (.cmd) file?
Execute program on remote computer using PowerShell
How to allow access to winrs for non-admin user?
Scripting - How to disconnect Remote Desktop sessions?
In which version of Windows is PowerShell installed by default?
Powershell determine the remote computer OS