PSRemoting into non-domain joined computers

PSRemoting into non-domain joined computers

Today I was trying to Enter-PSSession on a remote machine, from my machine that is not joined to the same domain, and I start getting all kind of authentication error. Basically the problem reside on YOUR machine, not on the server, windows server 2012 has the remoting enabled by default (of course you need to open firewall as well), so what’s the problem? By default, local machine allow remote ps only using Kerberos, and to allow other kind of connection you need to trust the remote machine, but how?

You need to set the TrustedHosts! (to use HTTP protocol, see below for a more secure approach using HTTPS)

To see what’s in the trusted host you can use the Get-Item command:

Get-Item WSMan:\localhost\Client\TrustedHosts

And here’s how to set the value with the Set-Item command:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force

Here I’ve set to trust all the remote end-points, so the system does not bore me again, obviously this could harm your computer.

The TrustedHosts item, contains a comma separated value, so to add more server you have to provider a CSV, for instance:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "," -Force

To clear the trusted host you can use the Clear-Item command as follow:

Clear-Item WSMan:\localhost\Client\TrustedHosts -Force

If you don’t specify -Force, you will be warned before continue with the command.

Now you can run your commands remotely on the target machine:

Enter-PSSession -ComputerName -Credential m.denny@mydomain.local

If you plan to use HTTP this guide is fine, however I strongly recommend to implement HTTPS for encrypting the traffic between the client and remote server.

You can follow this guide (took from appveyor wiki) on how to enabling powershell remoting on server and enabling HTTPS protocol.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: