What security setting is preventing Remote PowerShell 2.0 from accessing UNC paths

Problem description

This is just crazy, I am starting on PowerShell. And of course I need to do Admin work remotely.

A simple

dir \\server\share\folder

Just refuses to work, I get this error

Get-ChildItem : Cannot find path '\\server\share\folder' because it does not exist.
    + CategoryInfo          : ObjectNotFound: (\\server\share\folder:String) [Get-ChildItem], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

To me it is pretty obvious it is an access rights issue. And we do have a domain here at the company. I am logged in to the server, with the exact same user account, on VNC and I can see the UNC path. But whenever I try to just copy a file from my desktop with the remote connection. It just won't work!!!!

I can do many other things so I am positive I am connected.

Recommended answer

To get this to work, you must configure both your local and remote computers.

On the remote server, run the following command:

 Enable-WSManCredSSP -Role server

You'll know things are configured correctly if you run the Get-WSManCredSSP cmdlet and get the following output:

The machine is not configured to allow delegating fresh credentials. This computer is configured to receive credentials from a remote client computer.

On your local computer, from an Administrative PowerShell prompt, you need to allow credential delegation in PowerShell. Run the following command:

 Enable-WSManCredSSP -Role Client -DelegateComputer <REMOTE_COMPUTER_NAME>

You can enable all servers by using * for REMOTE_COMPUTER_NAME.

You'll know this is configured correctly when you run Get-WSManCredSSP and get the following output:

The machine is configured to allow delegating fresh credentials to the following target(s): wsman/REMOTE_SERVER_NAME
This computer is not configured to receive credentials from a remote client computer.

On your local machine, update Group Policy to allow your credentials to be delegated to the remote server.

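  1. Open gpedit.msc and browse to Computer Configuration > Administrative Templates > System > Credentials Delegation.
  2. Double-click "Allow Delegating Fresh Credentials with NTLM-only Server Authentication".
  3. Enable the setting and add the build server to the server list as WSMAN/BuildServerName. (You can enable all servers by entering WSMAN/*.)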

Then, when you need to run your command on the remote server, you can't use any of the *-PSSession commands because CredSSP can't use cached credentials. You have to start the session using Invoke-Command, and use CredSSP as the value to the Authentication parameter, like so:

Invoke-Command -ScriptBlock {
                   # remote commands here
               } `
               -ComputerName <REMOTE_COMPUTER_NAME> `
               -Authentication CredSSP `
               -Credential <USERNAME>
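
An audit of what the steps in the answer leave configured on the client, as an added example that is not part of the original answer: it reports whether CredSSP is enabled for each WinRM role and lists every delegation target, flagging `*` entries. The function names and risk labels are hypothetical; the registry paths are the standard Credentials Delegation policy locations, and the syntax is kept PowerShell 2.0 compatible.

```powershell
# Added example: audit CredSSP delegation on this machine.
# Run from an elevated prompt; the WSMan: drive needs the WinRM service running.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
$listNames  = 'AllowFreshCredentials', 'AllowFreshCredentialsWhenNTLMOnly'

function Get-DelegationRisk {
    # Classify one entry such as 'wsman/build01.corp.example' or 'WSMAN/*'.
    # The labels are this example's own, not Windows terminology.
    param([string]$Target)
    $hostPart = @($Target -split '/', 2)[-1]
    if ($hostPart -eq '*')       { return 'High: credentials may be delegated to any host' }
    if ($hostPart.Contains('*')) { return 'Medium: wildcard covers a whole namespace' }
    return 'Low: single named host'
}

function Get-CredSSPDelegationAudit {
    # Emit one object per target in each delegation list that is configured.
    foreach ($list in $listNames) {
        $key = Get-Item -Path (Join-Path $policyRoot $list) -ErrorAction SilentlyContinue
        if (-not $key) { continue }   # list not configured on this machine
        foreach ($valueName in $key.GetValueNames()) {
            $target = [string]$key.GetValue($valueName)
            New-Object PSObject -Property @{
                List   = $list
                Target = $target
                Risk   = Get-DelegationRisk -Target $target
            }
        }
    }
}

# Is CredSSP enabled for the WinRM client (outbound) and service (inbound) roles?
foreach ($role in 'Client', 'Service') {
    $item = Get-Item -Path "WSMan:\localhost\$role\Auth\CredSSP" -ErrorAction SilentlyContinue
    'CredSSP {0,-7}: {1}' -f $role, $(if ($item) { $item.Value } else { 'unavailable' })
}

Get-CredSSPDelegationAudit | Format-Table List, Target, Risk -AutoSize
```

Disable-WSManCredSSP -Role Client (or -Role Server) reverses the corresponding Enable-WSManCredSSP step once delegation is no longer needed.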
