0 Votes
11387285 asked VickyWang-MFST answered

Is Enter-PSSession secure when using domain administrator account?

Sometimes I need to open a remote PowerShell session on workstations for administration. It is convenient for me to do this on a domain controller under a domain administrator account. To do this, I run the command: "Enter-PSSession -ComputerName someWorkstation". But is it safe? What are the consequences if, for example, I connect to a workstation infected with viruses in this way? Can malware use my session to access other workstations or a domain controller? Can malware steal domain administrator credentials?

windows-server-powershell windows-active-directory windows-10-security windows-server-security

1 Vote
Crypt32 answered

Can malware steal domain administrator credentials?

When you do Enter-PSSession, your credentials aren't sent to the remote machine. PowerShell remoting uses Kerberos and your credentials are available to the KDC only; the remote system doesn't see them. Of course, that is as long as you do not use CredSSP, which will pass your credentials to the remote host and is subject to credential compromise.

Can malware use my session to access other workstations or a domain controller?

No. When you are authenticated to a remote server, you present a session ticket that is intended only for that specific host. No other host would accept it.
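The CredSSP condition in Crypt32's answer can be checked on the administration host before connecting. The following is an added example, not part of the original thread or written by either poster: it reads the local WinRM CredSSP settings and then opens the session with Kerberos requested explicitly. The function names `Get-CredSspState` and `Enter-KerberosSession` are hypothetical, and `someWorkstation` is the sample name from the question.

```powershell
# Added example: audit CredSSP on the admin host, then connect with Kerberos only.
# Function names are hypothetical; 'someWorkstation' is the sample name from the question.
# Run from an elevated prompt with the WinRM service running (the WSMan: drive needs both).

function Get-CredSspState {
    # Reports whether the local WinRM client and service permit CredSSP authentication.
    [CmdletBinding()]
    param()

    $paths = [ordered]@{
        Client  = 'WSMan:\localhost\Client\Auth\CredSSP'
        Service = 'WSMan:\localhost\Service\Auth\CredSSP'
    }
    foreach ($role in $paths.Keys) {
        $item = Get-Item -Path $paths[$role] -ErrorAction Stop
        [pscustomobject]@{
            Role           = $role
            CredSspEnabled = [System.Convert]::ToBoolean($item.Value)  # Value is the string 'true' or 'false'
        }
    }
}

function Enter-KerberosSession {
    # Refuses to connect while CredSSP is permitted locally, then requests Kerberos explicitly.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName
    )

    $enabled = Get-CredSspState | Where-Object CredSspEnabled
    if ($enabled) {
        throw "CredSSP is permitted for: $($enabled.Role -join ', '). Turn it off with Disable-WSManCredSSP before connecting."
    }

    # The default mechanism is Negotiate; naming Kerberos makes the connection
    # fail if Kerberos cannot be used instead of falling back to another mechanism.
    Enter-PSSession -ComputerName $ComputerName -Authentication Kerberos
}

Get-CredSspState | Format-Table -AutoSize
Enter-KerberosSession -ComputerName 'someWorkstation'
```

The check is deliberately strict: CredSSP being permitted in the WinRM settings does not by itself send credentials, which only happens when a session is opened with `-Authentication Credssp`.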

0 Votes
VickyWang-MFST answered

Hi,
Glad your problem has been solved.
Best wishes
Vicky
