I'm having trouble trying to check a list of remote machines if CredSSP is enabled. When my script connects to the machine and executes the command. It ends up returning false. If I connect to that same machine via RDP and execute the same command, it will return true. Here is my script:
foreach ($server in $servers.Split(",").Trim()) {
$pw = ConvertTo-SecureString 'password' -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentList "Domain\user", $pw
$session = New-PSSession -ComputerName $server -Credential $cred
$output = (Get-Item WSMan:\localhost\Service\Auth\CredSSP).value
Write-Host $server : $output
Remove-PSSession -Session $session
}
Does anyone have an insight into this?
You're not running Get-Item remotely.
Try:
$ServerList = $servers.Split(",").Trim();
$pw = ConvertTo-SecureString 'password' -AsPlainText -Force;
$cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentList "Domain\user", $pw;
Invoke-Command -ComputerName $ServerList -Credential $cred -ScriptBlock { Get-Item WSMan:\localhost\Service\Auth\CredSSP; } |
Select-Object PSComputerName, Value;
You could use Invoke-Command -Session $session instead Invoke-Command -ComputerName $ServerList, but there's no need to make a loop and mess around creating and removing sessions by hand.