PowerShell : How to overcome double-hop problem in PowerShell remoting

I am interested in the PowerShell remoting topic from PowerShell Cookbook Chapter 29 here (http://www.pavleck.net/powershell-cookbook/ch29.html). To solve the double-hop problem, it uses a scheduled task. The sample creates a scheduled task to run Enable-PSRemoting on the remote machine. But don't you think we need something more generic to overcome the double-hop problem?

PowerShell offers Enable-WSManCredSSP or Kerberos so that the process can delegate the credential to execute the next-hop process. However, CredSSP is only available on Windows 7 and above. What about operating systems before Windows 7 or Windows Server 2008? If you have Windows 7 or Windows Server 2008, you may follow the tutorial at this link (http://www.ravichaganti.com/blog/?p=1230). But if you have Windows 2003 or a previous version, then you must keep reading.

So, let's start by defining our function Invoke-RemoteCommand. This command will accept:

1. (Optional) Taskname, name of task identifier
2. Commandline, the actual command, for example powershell or cmd.exe
3. Username, credential to execute the command
4. Password, password for the credential to execute the command

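```powershell
function Invoke-RemoteCommand {
    param(
        # Optional: name used to identify the scheduled task
        $taskname = (get-date -format "'Demo task' dd-MM-yyyy hh.mm.ss"),

        # Command line the task will run
        $commandline = "cmd /c 'dir c:\'",

        # Account the task runs as
        [parameter(Mandatory = $true)]
        $username,

        # Password for that account (handed to schtasks in clear text via /rp)
        [parameter(Mandatory = $true)]
        $password
    )

    # Create the task with explicit credentials, then start it immediately
    schtasks /create /tn $taskname /tr $commandline /sc weekly /ru $username /rp $password | out-null
    schtasks /run /tn $taskname | out-null
    write-host "Waiting task execution." -nonewline -foreground green
    # Poll the task list until our task is no longer running
    do {
      $taskStatus = schtasks /query /fo csv /v | convertfrom-csv | ? { $_.TaskName.TrimStart("\") -eq "$taskname" }
      sleep 10
      write-host "." -nonewline -foreground green
    } while ($taskStatus."Status" -eq "Running")
    write-host "Success!" -foreground green
    # Remove the task so it does not stay registered on the machine
    schtasks /delete /tn $taskname /f | out-null
    return $taskStatus
}
```

The function will create a scheduled task on the remote machine, execute it, wait until execution completes and return the result.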

For example, we want to list a directory of ServerX by issuing a command to ServerY. Normally, the following command will fail because of the double-hop problem (it doesn't matter whether you supply a user credential, it will still fail):

```powershell
Invoke-Command -ComputerName ServerY -ScriptBlock { dir \\ServerX\d$ }
```

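Using the new function, we change the command into:

```powershell
# Invoke-RemoteCommand must already be defined in the session on ServerY
Invoke-Command -ComputerName ServerY -ScriptBlock { Invoke-RemoteCommand -commandline "powershell -noprofile -command 'dir \\ServerX\d$'" -username "domain\user" -password "password" }
```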

The last script performs the following:

1. Create a scheduled task with a specific identifier
2. The command in the scheduled task is "powershell -noprofile …"
3. Execute the scheduled task
4. Wait until execution completes
5. Return the status

Finally, the script will work in Windows 2003, Windows 7, Windows Vista or Windows 2008.
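
A hardened variant of Invoke-RemoteCommand, as an added example that is not the author's code: it takes a PSCredential instead of a plain-text password parameter, checks the schtasks exit codes, bounds the wait, and deletes the task in a `finally` block so the stored credential is not left behind on failure. The name Invoke-RemoteCommandSafe and the TimeoutSeconds parameter are assumptions made for this example.

```powershell
# Added example (hypothetical name Invoke-RemoteCommandSafe); not the original author's code.
function Invoke-RemoteCommandSafe {
    param(
        [Parameter(Mandatory = $true)]
        [string]$CommandLine,
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$Credential,
        [string]$TaskName = (Get-Date -Format "'Demo task' dd-MM-yyyy HH.mm.ss"),
        # Assumed default: give up after five minutes instead of looping forever
        [int]$TimeoutSeconds = 300
    )

    # schtasks only accepts the password as a clear-text /rp argument, so it is
    # unwrapped here, as late as possible, on the machine that creates the task.
    $user = $Credential.UserName
    $pass = $Credential.GetNetworkCredential().Password
    $created = $false
    try {
        schtasks /create /tn $TaskName /tr $CommandLine /sc weekly /ru $user /rp $pass | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "schtasks /create failed (exit code $LASTEXITCODE)" }
        $created = $true

        schtasks /run /tn $TaskName | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "schtasks /run failed (exit code $LASTEXITCODE)" }

        $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
        do {
            Start-Sleep -Seconds 5
            if ((Get-Date) -gt $deadline) { throw "Task '$TaskName' did not finish within $TimeoutSeconds seconds" }
            $status = schtasks /query /fo csv /v | ConvertFrom-Csv |
                Where-Object { $_.TaskName.TrimStart('\') -eq $TaskName }
        } while ($status.Status -eq 'Running')
        return $status
    }
    finally {
        # Runs on success, error and timeout: the task stores the credential, so never leave it behind
        if ($created) { schtasks /delete /tn $TaskName /f | Out-Null }
    }
}

# Usage from the admin workstation (ServerY and ServerX are the machines from the article):
#   $cred = Get-Credential    # prompts, so no password appears in the script or history
#   $cmd  = "powershell -noprofile -command 'dir \\ServerX\d$'"
#   Invoke-Command -ComputerName ServerY -ScriptBlock ${function:Invoke-RemoteCommandSafe} -ArgumentList $cmd, $cred
```

The password still appears on the schtasks.exe command line on ServerY, so process command-line auditing on that machine will record it; the PSCredential only keeps it out of the calling script and the remoting script block text.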
Riwut Libinuko
Sr. Cloud Solution Architect
