Policy

Disallow Kerberos authentication

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network. If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.

Policy
PackMicrosoft Windows
CategoryWindows Components / Windows Remote Management (WinRM) / WinRM Service
Policy ID0e9acd30e392
Internal nameDisallowKerberos_1

Registry

Copy registry mappings

HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\AllowKerberos (enabled) = 0
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\AllowKerberos (disabled) = 1

Policy notes

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network. If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.

Related policies