Policy

Disallow Kerberos authentication

Microsoft Windows

Back to WinRM ClientBack to main
Disallow Kerberos authentication
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Windows Remote Management (WinRM) > WinRM Client
Supported on
At least Windows Vista

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista

This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly. If you enable this policy setting, the Windows Remote Management (WinRM) client does not use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected. If you disable or do not configure this policy setting, the WinRM client uses the Kerberos authentication directly.

Internal name
DisallowKerberos_2
Policy ID
75b9aa29f589
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
Software\Policies\Microsoft\Windows\WinRM\Client
Value name
AllowKerberos
REG_DWORD
HKLM
0
HKLM
1
Registry location
Type REG_DWORD · Computer
Path
Software\Policies\Microsoft\Windows\WinRM\Client
Value name
AllowKerberos
Hive
HKLM
Enabled value
0
Disabled value
1

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.