Policy
Disallow Kerberos authentication
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network. If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\AllowKerberos | REG_DWORD | 0 | 1 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerAllow Basic authenticationAt least Windows Vista
- ComputerAllow CredSSP authenticationAt least Windows Vista
- ComputerAllow remote server management through WinRMAt least Windows Vista
- ComputerAllow unencrypted trafficAt least Windows Vista
- ComputerDisallow Negotiate authenticationAt least Windows Vista
- ComputerDisallow WinRM from storing RunAs credentialsAt least Windows Vista
- ComputerSpecify channel binding token hardening levelAt least Windows Vista
- ComputerTurn On Compatibility HTTP ListenerAt least Windows Vista
- ComputerTurn On Compatibility HTTPS ListenerAt least Windows Vista