Policy

Disallow Kerberos authentication

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryWindows Components > Windows Remote Management (WinRM) > WinRM Client
Supported onAt least Windows Vista

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista

This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly. If you enable this policy setting, the Windows Remote Management (WinRM) client does not use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected. If you disable or do not configure this policy setting, the WinRM client uses the Kerberos authentication directly.

Internal name
DisallowKerberos_2
Policy ID
75b9aa29f589
Elements
0

Registry values

How enabled and disabled states update the registry.

Registry locationTypeEnabled valueDisabled value
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client\AllowKerberosREG_DWORD
0
1

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.

Other policies in this category

Explore related policies at the same level.