How can I initiate a new CIM session to a Windows server in my domain, from a PC that is not in the domain? I know this works, because I did it recently from the same computer, but I always forget the magic incantation. My PowerShell history contains something like the following, which doesn't work:
$creds = Get-Credential
$sop = New-CimSessionOption -UseSsl
$session = New-CimSession -CN "ft-ads-01" -Credential $creds -Authentication NtlmDomain
# or
$session = New-CimSession -CN "ft-ads-01" -Credential $creds -SessionOption $sop
Remoting is enabled on the server. I can use my domain credentials to access shares, and run PsExec. How do I make CIM/WMI (and possibly mmc snap ins) work, with changing as little configuration as possible?
Especially I'm not sure which transport to use. For wsman with SSL I would need to set up SSL on the server I think. Kerberos should work just going by the protocol, but I think Windows' tools refuse to make a connection when there is no "trust relationship" (in the Unix world, I would sometimes authenticate against an external KDC). I also couldn't get any of the other options to work.
0 Answers