Welcome, Guest Login

Rundeck Enterprise Support Center

Enable CredSSP Authentication Windows

Last Updated: Aug 01, 2016 02:52PM PDT
Enable CREPSSP Authentication On Windows Domain


I. On Rundeck Server

I.1 Enable CredSSP


Open a powershell windows and run:


Enable-WSManCredSSP -Role "Client" -DelegateComputer "*.something.com"
(where “something.com” is the DNS domain of the target computer)

or

Enable-WSManCredSSP -Role "Client" -DelegateComputer "*"



I.2. Allow Delegating Fresh Credentials

 
  1. Click Start, type mmc and then click OK.
  2. Click File and then click Add/Remove Snap-in.
  3. Click Group Policy Object and then click Add.
  4. Select Local Computer and then click Finish.
  5. Go to Computer Policy\Administrative Templates\System\Credentials Delegation\Allow Delegating Fresh Credentials → Set to enabled and add WSMAN/* to list of computers and check the box for Concatenate OS defaults with input above.














I.3. Enable CredSSP authentication on Winrm Client


Open a CMD Prompt as an Administrator user and execute:


winrm set winrm/config/client/auth @{CredSSP="true"}
*you need to have winrm service configured and running



II. On the remote node


II.1. Enable CredSSP


Open a powershell windows and run:


Enable-WSManCredSSP -Role "Server"


II.2 Make sure that you enable the CredSSP on WinRM Service settings


To get the WinRm Service config
winrm get winrm/config/service


To enable the CredSSP
winrm set winrm/config/service/auth @{CredSSP="true"}

Troubleshooting


If you are using a non-administrator user (or a not- domain-administrator user) to execute command to remote nodes, you need to set up the access on the remote machine ( to the user or some of its groups, eg: Domain User group).

 
  • To add permissions to non-administrator user to execute remote commands


Set-PSSessionConfiguration Microsoft.Powershell -ShowSecurityDescriptorUI
 
1fb43f9155a47800b95738aff7e657fc@rundeck.desk-mail.com
http://assets0.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete