Issues with PowerShell Web Access Authentication Type set as CredSSP

Question

When setting up PowerShell Web Access authentication, by default it uses "Default" as authentication type. I set up CredSSP and it works fine for network authentication. However, I want CredSSP to be default mode of authentication instead "Default". I looked deeply into the configuration for PSWA web in IIS, I see there several values available that override the defaults. defaultAuthentcationType is seen set to 0 which is the right settings. On the web page I can see the select box has the following options

0   Default
1   Basic
2   Negotiate
4   CredSSP
5   Digest
6   Kerberos

3 is missing on the list. My research confirmed that the 3 is NegotiateWithImplicitCredential which is missing on my PowerShell 5.1.15063.966. So when I set defaultAuthenticationType to a number, then the web page defaults to a new option: 7 Admin Specified

When I tried 3 and 4, neither one works with CredSSP. It is just Kerberos I keep getting even when i set defaultAuthenticationType to CredSSP, no Admin option appears and it goes back to Default again.

Anyone with similar experience like this should please share what I can do to use CredSSP

Answer 1

Going by your scenario, try these few steps

On your local machine

PS C:\> Enable-WSManCredSSP -DelegateComputer [ComputerName] -Role Client

Next, You need to enable the server side.

PS C:\> invoke-command {enable-wsmancredssp -Role Server -Force} -ComputerName [ComputerName]

With this in place, you can now re-establish your remote session specifying CredSSP and your credentials.

PS C:\> enter-pssession [ComputerName] -Authentication Credssp -Credential domain\user

Run this authorization command and it would authorize you using CredSSP

PS C:\> Add-PswaAuthorizationRule -rulename "Rule01" -computername [computerName] -username domain\user -configuration microsoft.powershell

Use PS C:\> Get-PswaAuthorizationRule to verify the rule.