| title | description | ms.date |
|---|---|---|
ADMX_WindowsRemoteManagement Policy CSP |
Learn more about the ADMX_WindowsRemoteManagement Area in Policy CSP. |
01/18/2024 |
[!INCLUDE ADMX-backed CSP tip]
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 [10.0.19041.1202] and later ✅ Windows 10, version 2009 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_WindowsRemoteManagement/DisallowKerberos_1
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.
-
If you enable this policy setting, the WinRM service doesn't accept Kerberos credentials over the network.
-
If you disable or don't configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
[!INCLUDE ADMX-backed policy note]
ADMX mapping:
| Name | Value |
|---|---|
| Name | DisallowKerberos_1 |
| Friendly Name | Disallow Kerberos authentication |
| Location | Computer Configuration |
| Path | Windows Components > Windows Remote Management (WinRM) > WinRM Service |
| Registry Key Name | Software\Policies\Microsoft\Windows\WinRM\Service |
| Registry Value Name | AllowKerberos |
| ADMX File Name | WindowsRemoteManagement.admx |
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 [10.0.19041.1202] and later ✅ Windows 10, version 2009 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_WindowsRemoteManagement/DisallowKerberos_2
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.
-
If you enable this policy setting, the Windows Remote Management (WinRM) client doesn't use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected.
-
If you disable or don't configure this policy setting, the WinRM client uses the Kerberos authentication directly.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
[!INCLUDE ADMX-backed policy note]
ADMX mapping:
| Name | Value |
|---|---|
| Name | DisallowKerberos_2 |
| Friendly Name | Disallow Kerberos authentication |
| Location | Computer Configuration |
| Path | Windows Components > Windows Remote Management (WinRM) > WinRM Client |
| Registry Key Name | Software\Policies\Microsoft\Windows\WinRM\Client |
| Registry Value Name | AllowKerberos |
| ADMX File Name | WindowsRemoteManagement.admx |