Policy
Disallow Negotiate authentication
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Negotiate authentication from a remote client. If you enable this policy setting, the WinRM service does not accept Negotiate authentication from a remote client. If you disable or do not configure this policy setting, the WinRM service accepts Negotiate authentication from a remote client.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\AllowNegotiate | REG_DWORD | 0 | 1 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerAllow Basic authenticationAt least Windows Vista
- ComputerAllow CredSSP authenticationAt least Windows Vista
- ComputerAllow remote server management through WinRMAt least Windows Vista
- ComputerAllow unencrypted trafficAt least Windows Vista
- ComputerDisallow Kerberos authenticationAt least Windows Vista
- ComputerDisallow WinRM from storing RunAs credentialsAt least Windows Vista
- ComputerSpecify channel binding token hardening levelAt least Windows Vista
- ComputerTurn On Compatibility HTTP ListenerAt least Windows Vista
- ComputerTurn On Compatibility HTTPS ListenerAt least Windows Vista