什么安全设置阻止远程 PowerShell 2.0 访问 UNC 路径 [英] What security setting is preventing Remote PowerShell 2.0 from accessing UNC paths
问题描述
这太疯狂了,我开始使用 PowerShell.当然,我需要远程进行管理员工作.
This is just crazy, I am starting on PowerShell. And of course I need to do Admin work remotely.
简单的
dir \\server\share\folder
只是拒绝工作,我收到此错误
Just refuses to work, I get this error
Get-ChildItem : Cannot find path '\\server\share\folder' because it does not exist.
+ CategoryInfo : ObjectNotFound: (\\server\share\folder:String) [Get-ChildItem], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand
对我来说很明显这是一个访问权限问题.我们在公司有一个域名.我在 VNC 上使用完全相同的用户帐户登录到服务器,我可以看到 UNC 路径.但是每当我尝试使用远程连接从我的桌面复制文件时.它根本行不通!!!!
To me it is pretty obvious it is an access rights issue. And we do have a domain here at the company. I am logged in to the server, with the exact same user account, on VNC and I can see the UNC path. But whenever I try to just copy a file from my desktop with the remote connection. It just won't work!!!!
我可以做很多其他的事情,所以我很确定我是有联系的.
I can do many other things so I am positive I am connected.
推荐答案
要使其正常工作,您必须同时配置本地和远程计算机.
To get this to work, you must configure both your local and remote computers.
在远程服务器上,运行以下命令:
Enable-WSManCredSSP -Role server
如果您运行 Get-WSManCredSSP
cmdlet 并获得以下输出,您就会知道事情已正确配置:
You'll know things are confgured correctly if you run the Get-WSManCredSSP
cmdlet and get the following output:
机器未配置为允许委派新凭据.此计算机配置为从远程客户端计算机接收凭据.
The machine is not configured to allow delegating fresh credentials. This computer is configured to receive credentials from a remote client computer.
在您的本地计算机上,在管理 PowerShell 提示符下,您需要在 PowerShell 中允许凭据委派.运行以下命令:
On your local computer, from an Administrative PowerShell prompt, you need to allow credential delegation in PowerShell. Run the following command:
Enable-WSManCredSSP -Role Client -DelegateComputer <REMOTE_COMPUTER_NAME>
您可以通过对 REMOTE_COMPUTER_NAME
使用 * 来启用所有服务器.
You can enable all servers by using * for REMOTE_COMPUTER_NAME
.
当您运行 Get-WSManCredSSP 并获得以下输出时,您就会知道这是正确配置的:
You'll know this is configured correctly when you run Get-WSManCredSSP and get the following output:
机器配置为允许将新凭据委派给以下目标:wsman/REMOTE_SERVER_NAME
此计算机未配置为从远程客户端计算机接收凭据.
The machine is configured to allow delegating fresh credentials to the following target(s): wsman/REMOTE_SERVER_NAME
This computer is not configured to receive credentials from a remote client computer.
在您的本地计算机上,更新组策略以允许将您的凭据委托给远程服务器.
On your local machine, update Group Policy to allow your credentials to be delegated to the remote server.
- 打开 gpedit.msc 并浏览到计算机配置 > 管理模板 > 系统 > 凭据委派.
- 双击允许使用仅 NTLM 服务器身份验证委派新凭据".
- 启用设置并将构建服务器作为 WSMAN/BuildServerName 添加到服务器列表中.(您可以通过输入 WSMAN/* 启用所有服务器.)
然后,当您需要在远程服务器上运行您的命令时,您不能使用任何 *-PSSession 命令,因为 CredSSP 不能使用缓存凭据.您必须使用 Invoke-Command
启动会话,并使用 CredSSP 作为 Authentication 参数的值,如下所示:
Then, when you need to run your command on the remote server, you can't use any of the *-PSSession commands because CredSSP can't use cached credentials. You have to start the session using Invoke-Command
, and use CredSSP as the value to the Authentication parameter, like so:
Invoke-Command -ScriptBlock { # remote commands here } `
-ComputerName <REMOTE_COMPUTER_NAME> `
-Authentication CredSSP `
-Credential <USERNAME>
这篇关于什么安全设置阻止远程 PowerShell 2.0 访问 UNC 路径的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!