Home » Computers » Enterprise Computing » WinRM & WinRS multi-hop

WinRM & WinRS multi-hop

Multi-Hop Support in WinRM

Windows Remote Management (WinRM) supports the delegation of user credentials across multiple remote computers. The multi-hop support functionality can now use Credential Security Service Provider (CredSSP) for authentication. CredSSP enables an application to delegate the user’s credentials from the client computer to the target server. CredSSP authentication is intended for environments where Kerberos delegation cannot be used. ***Support for CredSSP was added to allow a user to connect to a remote server and have the ability to access a second-hop machine, such as a file share. ***

To configure multi-hop support using CredSSP authentication for WinRM

CredSSP must be enabled in the client configuration settings.
winrm set winrm/config/client/auth '@{CredSSP="true"}'

CredSSP must be enabled in the WinRM service configuration settings.
winrm set winrm/config/service/auth '@{CredSSP="true"}'

Using CredSSP Authentication with Explicit Credentials
winm OPERATION –remote:https://myMachine –authentication:CredSSP –username:myUsername –password:myPassword