Reputation: 115
I am trying to use PowerShell to remote from machine1.domain1 to machine2.domain2.
A tunnel 127.0.0.1:4048 has been created for machine2.domain2:5985; 4048 is the local port on machine1.domain1, and 5985 is the remote PowerShell port on machine2.domain2.
machine2.domain2 has a local user account (created locally on machine2.domain2) with username: user1, password: pwd1.
machine2.domain2 also has a domain account with username: domain2\user2, password: pwd2.
machine3.domain2 is another machine in the same domain and on the same local network as machine2.domain2.
Here are the tests:
Using the domain account, from machine1.domain1 (success):
$credential = New-Object System.Management.Automation.PSCredential "domain2\user2", (ConvertTo-SecureString "pwd2" -AsPlainText -Force)
New-PSSession 127.0.0.1 -Authentication Credssp -Credential $credential -port 4048
Using the local account, from machine3.domain2 (success):
$credential = New-Object System.Management.Automation.PSCredential "user1", (ConvertTo-SecureString "pwd1" -AsPlainText -Force)
New-PSSession machine2.domain2 -Authentication Credssp -Credential $credential -port 5985
Using the local account, from machine1.domain1 (failed: "Access is denied. For more information, see the about_Remote_Troubleshooting Help topic."):
$credential = New-Object System.Management.Automation.PSCredential "user1", (ConvertTo-SecureString "pwd1" -AsPlainText -Force)
New-PSSession 127.0.0.1 -Authentication Credssp -Credential $credential -port 4048
That means I can use a domain account of domain2 to remote from machine1.domain1 to machine2.domain2, but I cannot use a local user account of machine2.domain2 to remote from machine1.domain1.
Does anyone know why?
Upvotes: 0
Views: 340
Reputation: 115
I missed the ".\" prefix; the username should be ".\user1".
Test 2 succeeded because I used the local account (.\user3) to log in to machine3.domain2, so PowerShell could deduce the full username of "user1" to be .\user1.
Test 3 failed because I logged in as domain1/user, so PowerShell deduced the username "user1" to be domain1/user1 for remoting, which cannot be found on machine2.domain2.
Upvotes: 0
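The fix described in the answer above, as an added example that is not part of the original post: it qualifies a bare account name explicitly before building the credential, so the result does not depend on which account the caller is logged in with, and it prompts for the password instead of embedding it in the script. Resolve-RemoteUserName and New-QualifiedCredential are hypothetical helper names; the default ".\" prefix follows the answer.

```powershell
# Added example. The two functions are hypothetical helpers, not built-in cmdlets.

function Resolve-RemoteUserName {
    param(
        [Parameter(Mandatory)][string]$UserName,
        # Prefix applied when the name has no domain or machine part.
        # '.' follows the answer above (local account on the target machine).
        [string]$DefaultScope = '.'
    )
    # Leave names alone that are already qualified:
    # DOMAIN\user, .\user, or user@domain (UPN form).
    if ($UserName -match '\\' -or $UserName -match '@') {
        return $UserName
    }
    return "$DefaultScope\$UserName"
}

function New-QualifiedCredential {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][securestring]$Password,
        [string]$DefaultScope = '.'
    )
    $qualified = Resolve-RemoteUserName -UserName $UserName -DefaultScope $DefaultScope
    New-Object System.Management.Automation.PSCredential $qualified, $Password
}

# Prompt for the password so it never appears in the script or its history.
$password = Read-Host -AsSecureString -Prompt 'Password for user1 on machine2.domain2'

# Local account from the question: the bare name "user1" becomes ".\user1".
$credential = New-QualifiedCredential -UserName 'user1' -Password $password

# Confirm which identity will actually be sent before connecting.
Write-Host "Connecting as $($credential.UserName)"

# Same tunnel endpoint and authentication mode as the failing test in the question.
New-PSSession 127.0.0.1 -Authentication Credssp -Credential $credential -Port 4048
```

A name that is already qualified, such as domain2\user2 from the first test, passes through the helper unchanged.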