PowerShell 2.0: Accessing Windows Shares during a Remote Session

Question

I am having trouble accessing a shared network location while within a PowerShell remote session.

From the PowerShell prompt, I enter a new session:

Enter-PSSession server1

The session is properly created and entered. I then attempt to list the contents of the share:

dir \\server2\share1

The response is this error:

Get-ChildItem : Cannot find path '\\server2\share1' because it does not exist.

However, if I remote desktop into server1, bring up PowerShell, and execute the very same dir command, the contents are correctly listed.

I've tried various things using credentials, but that doesn't seem to fix it. I've also confirmed via the "whoami" command that I have the same identity in both examples.

What would cause this?

Answer 1

Another option is kerberos resource delegation

eg:

$server_name = "my-server" $servers = @(get-adcomputer -identity $server_name)

$target = "target-server" $tgt_srv = get-adcomputer -identity $target

Set-ADComputer -Identity $to_delegate -PrincipalsAllowedToDelegateToAccount $servers

Answer 2

If you can't use credential delegation as mentioned above, you can mount (or just authenticate as below) the remote share in the remote session using explicit credentials, e.g.

[server1] ps> net use \\server2\share * /user:username
(prompts for password)
[server1] ps> dir \\server2\share
(listing)

This problem has nothing to do with powershell per-se; you are trying to replay your local credentials in a remote session to a third location and falling foul of the NTLM "double hop" limitation.

Answer 3

Read the section "Credential Delegation" Here - Credit to Keith Hill and perform the steps if you have not already done so.