PolicyPicker

Disallow Kerberos authentication

Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer

Category

Windows Components > Windows Remote Management (WinRM) > WinRM Service

Supported on

At least Windows Vista

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network. If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.

Internal name

DisallowKerberos_1

Policy ID

0e9acd30e392

Elements

Registry values

How enabled and disabled states update the registry.

Scope	Registry location	Type	Enabled value	Disabled value	Copy
Computer	Path Software\Policies\Microsoft\Windows\WinRM\Service Value name AllowKerberos	REG_DWORD	HKLM 0	HKLM 1

Registry location

Type REG_DWORD · Computer

Path

Software\Policies\Microsoft\Windows\WinRM\Service

Value name

AllowKerberos

Hive

HKLM

Enabled value

Disabled value

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.

Policy overview

Registry values

Policy elements

Other policies in this category