
Is there an easy way to check if CredSSP is enabled on a system?

I am aware of the Get-WSManCredSSP function; however, this cmdlet does not work well in a script. This returns a long string similar to the following:

The machine is configured to allow delegating fresh credentials to the following target(s): wsman/*,wsman/*,wsman/*,wsman/*
This computer is configured to receive credentials from a remote client computer.

I cannot easily include this in a script that I am writing, so I'm looking for an alternative way to check CredSSP.

Can't you consider using this as documented in the cmdlet help: Gets the WS-Management CredSSP setting on the client ( <localhost|computername>\Client\Auth\CredSSP ).

On a local machine it gives:

(Get-Item  WSMan:\localhost\Client\Auth\CredSSP).value

You can use it like this:

(Get-Item  WSMan:\localhost\Client\Auth\CredSSP).value -eq $false

You can first test if WinRM is available:

(Get-Service -Name winrm ).Status

I was also struggling with the limitations of the Get-WSManCredSSP output, and found this helper script by Victor Vogelpoel/Ravikanth Chaganti to be really helpful.

Some examples:

Check if current machine has been configured as CredSSP server and/or client:

(Get-WSManCredSSPConfiguration).IsServer
(Get-WSManCredSSPConfiguration).IsClient

Check if a specified client machine has been set up for delegation:

Get-WSManCredSSPConfiguration | % { $_.ClientDelegateComputer.Contains('clientcomputername') }

(not intended as a replacement for the work of Vogelpoel & Chaganti, but as a quick summary of a quick reading of CredSSP.cs, so you can get a quick grasp of what it's doing - that said, it was tested on several systems I had at hand and seems to work)

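function Get-WSManCredSSPState
{
  $res = [pscustomobject]@{DelegateTo = @(); ReceiveFromRemote = $false}

  # Index the public types of the assembly that implements Get-WSManCredSSP by name
  $wsmTypes = [ordered]@{}
  (gcm Get-WSManCredSSP).ImplementingType.Assembly.ExportedTypes `
  | %{$wsmTypes[$_.Name] = $_}

  # Open a local WS-Management session and read the service-side auth settings,
  # which decide whether this machine accepts credentials from remote clients
  $wmc = new-object $wsmTypes.WSManClass.FullName
  $wms = $wsmTypes.IWSManEx.GetMethod('CreateSession').Invoke($wmc, @($null,0,$null))
  $svc = $wsmTypes.IWSManSession.GetMethod('Get').Invoke($wms, @("winrm/config/service/auth", 0))
  # The element text is the string 'true' or 'false'; parse it, because [bool]'false' is $true
  $res.ReceiveFromRemote = [bool]::Parse(([xml]$svc).Auth.CredSSP)

  # Delegation targets are the numbered values under the AllowFreshCredentials policy key
  $afcPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials'
  if (test-path $afcPath)
  {
    $afc = gi $afcPath
    # @() keeps DelegateTo an array even when only one target is configured
    $res.DelegateTo = @($afc.GetValueNames() | sls '^\d+$' | %{$afc.GetValue($_)})
  }
  return $res
}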
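
Added example, not part of any of the answers above: a single audit function that combines the WinRM service check and the WSMan: provider path from the first answer with the AllowFreshCredentials policy key from the last one, and reports the client and server roles separately. The function name Test-CredSSPState is hypothetical, and the code assumes an elevated session, since the WSMan: drive is normally readable by administrators only.

```powershell
# Hypothetical helper (not a built-in cmdlet): returns CredSSP state as an object.
function Test-CredSSPState {
    [CmdletBinding()]
    param()

    $state = [pscustomobject]@{
        WinRMRunning  = $false
        ClientEnabled = $null   # $null means "could not be determined"
        ServerEnabled = $null
        DelegateTo    = @()
    }

    # The WSMan: drive is only usable while the WinRM service is running.
    $svc = Get-Service -Name winrm -ErrorAction SilentlyContinue
    $state.WinRMRunning = ($null -ne $svc -and $svc.Status -eq 'Running')

    if ($state.WinRMRunning) {
        try {
            # The provider returns the strings 'true'/'false'. Parse them instead
            # of casting: [bool]'false' is $true, like any non-empty string.
            $client = (Get-Item WSMan:\localhost\Client\Auth\CredSSP -ErrorAction Stop).Value
            $server = (Get-Item WSMan:\localhost\Service\Auth\CredSSP -ErrorAction Stop).Value
            $state.ClientEnabled = [bool]::Parse($client)
            $state.ServerEnabled = [bool]::Parse($server)
        } catch {
            Write-Verbose "WSMan: provider not readable: $($_.Exception.Message)"
        }
    }

    # Delegation targets are policy values in the registry, readable without WinRM.
    $afcPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials'
    if (Test-Path $afcPath) {
        $key = Get-Item $afcPath
        $state.DelegateTo = @($key.GetValueNames() |
            Where-Object { $_ -match '^\d+$' } |
            ForEach-Object { $key.GetValue($_) })
    }
    return $state
}

# Flag the machine if either role is on or any delegation target is configured.
$s = Test-CredSSPState
if ($s.ClientEnabled -or $s.ServerEnabled -or $s.DelegateTo.Count -gt 0) {
    Write-Warning "CredSSP is enabled or has delegation targets on $env:COMPUTERNAME"
    $s | Format-List
}
```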
