Disable-SmbDelegation
Disable-SmbDelegation
Disables a constrained delegation authorization for an SMB client and server.
Syntax
Parameter Set: Default
Disable-SmbDelegation [[-SmbClient] <String> ] [-SmbServer] <String> [-Force] [ <CommonParameters>]
Detailed Description
The Disable-SmbDelegation cmdlet disables a constrained delegation authorization for a server message block (SMB) client and server. Delegation allows a user who remotes into an SMB client to perform operations on a remote SMB server.
Parameters
-Force
Forces the command to run without asking for user confirmation.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-SmbClient<String>
Specifies the name of the SMB client. The cmdlet disables constrained delegation authorization for the SMB client that you specify.
Aliases |
none |
Required? |
false |
Position? |
1 |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-SmbServer<String>
Specifies the name of the SMB server. The cmdlet disables constrained delegation authorization for the SMB server you specify. If you do not specify the SmbClient parameter, the cmdlet disables constrained delegation authorization for all clients on the server.
Aliases |
none |
Required? |
true |
Position? |
2 |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
Notes
This cmdlet relies on Active Directory Windows PowerShell cmdlets to perform its actions. Before you use this cmdlet, you must install the Active Directory cmdlets. To install the Active Directory cmdlets, run the following command:
Install-WindowsFeature RSAT-AD-PowerShell
For more information, typeGet-Help Install-WindowsFeature
.This cmdlet only works with resource-based delegation, and the Active Directory forest must be at the Windows Server 2012 functional level. To check the functional level of the Active Directory forest, use the Get-ADForest cmdlet.
Examples
Example 1: Disable constrained delegation
This command removes the constrained delegation authorization so that a user remotely connected to the SMB client named HVSVR01 can no longer configure resources on the SMB server named FileServer01.
PS C:\> Disable-SmbDelegation –SmbServer "FileServer01" –SmbClient "HVSVR01"
Related topics
Get-ADForest