cmdlet, Get, WSManCredSSP

Get-WSManCredSSP

NAME
    Get-WSManCredSSP

SYNOPSIS
    Gets the Credential Security Service Provider-related configuration for the client.

SYNTAX
    Get-WSManCredSSP [<CommonParameters>]

DESCRIPTION
    The Get-WSManCredSPP cmdlet gets the Credential Security Service Provider-related configuration of the client and the server. The output indicates whether Credential Security Service Provider (CredSSP) authentication is enabled or disabled. It also displays configuration information for the AllowFreshCredentials policy of CredSSP. When you use CredSSP authentication, the user’s credentials are passed to a remote computer to be authenticated. This type of authentication is designed for commands that create a remote session from within another remote session. For example, you use this type of authentication if you want to run a background job on a remote computer.

    The cmdlet performs the following actions:

        – Gets the WS-Management CredSSP setting on the client (<localhost|computername>\Client\Auth\CredSSP).
        – Gets the Windows CredSSP policy setting AllowFreshCredentials.
        – Gets the WS-Management CredSSP setting on the server (<localhost|computername>\Service\Auth\CredSSP).

    Caution: CredSSP authentication delegates the user’s credentials from the local computer to a remote computer. This practice increases the security risk of the remote operation. If the remote computer is compromised, when credentials are passed to it, the credentials can be used to control the network session.

    To disable CredSSP authentication, use the Disable-WSManCredSSP cmdlet. To enable CredSSP authentication, use the Enable-WSManCredSSP cmdlet.

PARAMETERS
    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        “Get-Help about_CommonParameters“.

INPUTS
    None
        This cmdlet does not accept any input.

OUTPUTS
    None
        This cmdlet does not generate any output.

NOTES

    ————————– EXAMPLE 1 ————————–

    C:\PS>Get-WSManCredSSP

    Description
    ———–
    This command displays CredSSP configuration information for both the client and server.

    The output identifies that this computer is or is not configured for CredSSP.

    If the computer is configured for CredSSP, this is the output:

    “The machine is configured to allow delegating fresh credentials to the following target(s): WSMan/server02.accounting.fabrikam.com”

    If the computer is not configured for CredSSP, this is the output:

    “The machine is not configured to allow delegating fresh credentials.”

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkId=141443
    Connect-WSMan
    Disable-WSManCredSSP
    Disconnect-WSMan
    Enable-WSManCredSSP
    Get-WSManInstance
    Invoke-WSManAction
    New-WSManInstance
    New-WSManSessionOption
    Remove-WSManInstance
    Set-WSManInstance
    Set-WSManQuickConfig
    Test-WSMan