Policy selection for ADMX packs

Policy overview

Key metadata and intent for this policy.

ClassComputer

CategoryWindows Components > Windows Remote Management (WinRM) > WinRM Service

Supported onAt least Windows Vista

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista

This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service with regard to channel binding tokens. If you enable this policy setting, the WinRM service uses the level specified in HardeningLevel to determine whether or not to accept a received request, based on a supplied channel binding token. If you disable or do not configure this policy setting, you can configure the hardening level locally on each computer. If HardeningLevel is set to Strict, any request not containing a valid channel binding token is rejected. If HardeningLevel is set to Relaxed (default value), any request containing an invalid channel binding token is rejected. However, a request that does not contain a channel binding token is accepted (though it is not protected from credential-forwarding attacks). If HardeningLevel is set to None, all requests are accepted (though they are not protected from credential-forwarding attacks).

Internal name

CBTHardeningLevel_1

Policy ID

d655cf6a4a91

Elements

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

Element	Type	Registry mapping	Constraints & behavior
Hardening Level: ID HardeningLevelCombo	enum	HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\CbtHardeningLevel Type REG_SZ	Options: None (None), Relaxed (Relaxed), Strict (Strict)

Other policies in this category

Explore related policies at the same level.