Observations on “Secrets of PowerShell Remoting”

Secrets of PowerShell Remoting is an exceptional ebook that covers PowerShell remoting. I specifically read “v3 Secrets of PowerShell Remoting.pdf” and I would like to discuss two observations I made.

First observation

On page 19, the first bullet point “Connect to a machine in another domain” may be misleading. If the other domain is in the same forest or in another forest with a two-way trust relationship (as in the example given in pages 43 to 46), then AD does mutual authentication and the connection succeeds. In the example given in pages 43 to 46, the connection fails because of the third bullet point in page 19 (“Connect via a DNS alias…”). So, on page 19, the first bullet point may need to be “Connect to a machine in a domain that is not trusted”.

Second observation

On page 47, the reader may think that CredSSP is the only option for solving “the second hop problem”. Perhaps it would be better if there was a note that stated that besides CredSSP, “the second hop problem” can also be solved with Kerberos delegation. (The reader must not be lead to think that CredSSP is the only method to solve the problem. The example of “the second hop problem” solution in page 48 is a case where both Kerberos delegation and CredSSP can be used.)

The solution of “the second hop problem” using Kerberos delegation is stated in the following resources:

 

Advertisements

About Dimitrios Kalemis

I am a systems engineer specializing in Microsoft products and technologies. I am also an author. Please visit my blog to see the blog posts I have written, the books I have written and the applications I have created. I definitely recommend my blog posts under the category "Management", all my books and all my applications. I believe that you will find them interesting and useful. I am in the process of writing more blog posts and books, so please visit my blog from time to time to see what I come up with next. I am also active on other sites; links to those you can find in the "About me" page of my blog.
This entry was posted in Administration. Bookmark the permalink.