-
Notifications
You must be signed in to change notification settings - Fork 1
/
Demo-KerberosDelegation.ps1
43 lines (30 loc) · 998 Bytes
/
Demo-KerberosDelegation.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
return "This is a walk through demo"
#read https://blogs.technet.microsoft.com/ashleymcglone/2016/08/30/powershell-remoting-kerberos-double-hop-solved-securely/
# run this on a domain member
# this needs the AD module
$a = $env:computername
$b = 'SRV1'
$c = 'SRV2'
$server = Get-ADComputer $c
$client = Get-ADComputer $b
# Get-CimInstance Win32_Service -Filter 'Name="winrm"' -ComputerName $client.name | Select Startname
#setup the delegation
Set-ADComputer -Identity $Server -PrincipalsAllowedToDelegateToAccount $client
#verify
Get-ADComputer -Identity $Server -Properties PrincipalsAllowedToDelegateToAccount
#need to purge tickets due to 15min SPN negative cache
Invoke-Command -ComputerName $client.Name -ScriptBlock {
klist purge -li 0x3e7
}
#or reboot $B
Enter-PSSession $b
Get-ChildItem \\srv2\c$
#but not this
Get-ChildItem \\dom1\c$
#not using this
Get-WSManCredSSP
exit
#Undo
Set-ADComputer -Identity $Server -PrincipalsAllowedToDelegateToAccount $null
#endregion