Secrets of PowerShell Remoting is an exceptional ebook that covers PowerShell remoting. I specifically read “v3 Secrets of PowerShell Remoting.pdf” and I would like to discuss two observations I made.
On page 19, the first bullet point “Connect to a machine in another domain” may be misleading. If the other domain is in the same forest or in another forest with a two-way trust relationship (as in the example given on pages 43 to 46), then AD does mutual authentication and the connection succeeds. In the example given on pages 43 to 46, the connection fails because of the third bullet point on page 19 (“Connect via a DNS alias…”). So, on page 19, the first bullet point may need to be “Connect to a machine in a domain that is not trusted”.
On page 47, the reader may think that CredSSP is the only option for solving “the second hop problem”. Perhaps it would be better if there were a note stating that, besides CredSSP, “the second hop problem” can also be solved with Kerberos delegation. (The reader must not be led to think that CredSSP is the only method to solve the problem. The example of “the second hop problem” solution on page 48 is a case where both Kerberos delegation and CredSSP can be used.)
The solution of “the second hop problem” using Kerberos delegation is stated in the following resources:
- Multi-Hop Support in WinRM
- Winrm – Winrs – Powershell
- PowerShell Remoting and the “Double-Hop” Problem
- Windows PowerShell remoting and delegating user credentials (It states the opposite, but please look at the comments.)
- Hyper-V Remote Management With PowerShell
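
An added example, not part of the original post or of the ebook: one form of Kerberos delegation, resource-based constrained delegation, configured for the second hop. It assumes hypothetical computer names ServerB (first hop) and ServerC (second hop), a hypothetical share `\\ServerC\Share`, the ActiveDirectory module, and a domain controller running Windows Server 2012 or later.

```powershell
# Added example: resource-based Kerberos constrained delegation for the second hop.
# ServerB, ServerC and \\ServerC\Share are hypothetical names used for illustration.
Import-Module ActiveDirectory

$ServerB = Get-ADComputer -Identity 'ServerB'   # first hop: the remoting endpoint
$ServerC = Get-ADComputer -Identity 'ServerC'   # second hop: the resource server

# The setting lives on the resource (ServerC). Only ServerB may present
# delegated user tickets to it; no other host gains delegation rights.
Set-ADComputer -Identity $ServerC -PrincipalsAllowedToDelegateToAccount $ServerB

# Confirm what was written before relying on it.
$check = Get-ADComputer -Identity $ServerC -Properties PrincipalsAllowedToDelegateToAccount
$check.PrincipalsAllowedToDelegateToAccount

# ServerB may have cached an earlier failed delegation attempt. Purge the
# computer account's Kerberos tickets there so the new setting takes effect.
$cred = Get-Credential
Invoke-Command -ComputerName $ServerB.Name -Credential $cred -ScriptBlock {
    klist purge -li 0x3e7
}

# Second hop test: the command runs on ServerB and reaches out to ServerC.
# It returns True once delegation works, without CredSSP being enabled.
Invoke-Command -ComputerName $ServerB.Name -Credential $cred -ScriptBlock {
    Test-Path -Path '\\ServerC\Share'
}

# To withdraw the delegation later:
# Set-ADComputer -Identity $ServerC -PrincipalsAllowedToDelegateToAccount $null
```

Unlike CredSSP, this approach does not hand the user's credentials to the first-hop server, and the delegation is limited to the one resource server named in the setting.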