Enable CredSSP on multiple remote 2012 R2 hosts

We know SCVMM requires CredSSP to be enabled on remote hosts so admin credentials can be passed on for scripts/commands to run on those hosts. How can this be done via PowerShell on 2012 R2 hosts?

To check CredSSP status (replace the word HostName with the name of a host (yep, one host only):

Invoke-Command -ComputerName HostName -ScriptBlock {Get-Item WSMan:\localhost\Client\Auth\CredSSP}

To enable CredSSP:

Invoke-Command -ComputerName HostName -ScriptBlock {Enable-WSManCredSSP Client -DelegateComputer Hostname -Force}

To check status of and enable CredSSP on multiple remote hosts, supply the names in a .csv file. The below script will pick host names one by one from the csv file and cycle through all of them. It’ll check if CredSSP is enabled, will skip if already enabled and enable if it’s not yet enabled. Here it is:

$csvname = Read-Host "Provide the path to CSV file containing Host list..."
$HostNames = get-content -path $csvname
foreach ($HostName in $HostNames){
$HostCredSSP = Invoke-Command -ComputerName $HostName -ScriptBlock {Get-Item WSMan:\localhost\Client\Auth\CredSSP}

 If ($HostCredSSP.value -eq "false") {Write-Host " CredSSP is not enabled, enabling.. This can take 30s - 1min "
 Enable-WSManCredSSP Client -DelegateComputer $HostName -Force
 Sleep 60}
 Else {
 " CredSSP is already enabled, skipping.. "}
}

Leave a Comment

Your email address will not be published.