Disable-SmbDelegation

  • Article

Disable-SmbDelegation

Disables a constrained delegation authorization for an SMB client and server.

Syntax

Parameter Set: Default
Disable-SmbDelegation [[-SmbClient] <String> ] [-SmbServer] <String> [-Force] [ <CommonParameters>]

Detailed Description

The Disable-SmbDelegation cmdlet disables a constrained delegation authorization for a server message block (SMB) client and server. Delegation allows a user who remotes into an SMB client to perform operations on a remote SMB server.

Parameters

-Force

Forces the command to run without asking for user confirmation.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SmbClient<String>

Specifies the name of the SMB client. The cmdlet disables constrained delegation authorization for the SMB client that you specify.

Aliases

none

Required?

false

Position?

1

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SmbServer<String>

Specifies the name of the SMB server. The cmdlet disables constrained delegation authorization for the SMB server you specify. If you do not specify the SmbClient parameter, the cmdlet disables constrained delegation authorization for all clients on the server.

Aliases

none

Required?

true

Position?

2

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

Notes

  • This cmdlet relies on Active Directory Windows PowerShell cmdlets to perform its actions. Before you use this cmdlet, you must install the Active Directory cmdlets. To install the Active Directory cmdlets, run the following command:
    Install-WindowsFeature RSAT-AD-PowerShell
    For more information, type Get-Help Install-WindowsFeature.

    This cmdlet only works with resource-based delegation, and the Active Directory forest must be at the Windows Server 2012 functional level. To check the functional level of the Active Directory forest, use the Get-ADForest cmdlet.

Examples

Example 1: Disable constrained delegation

This command removes the constrained delegation authorization so that a user remotely connected to the SMB client named HVSVR01 can no longer configure resources on the SMB server named FileServer01.

PS C:\> Disable-SmbDelegation –SmbServer "FileServer01" –SmbClient "HVSVR01"

Enable-SmbDelegation

Get-ADForest

Get-SmbDelegation

Install-WindowsFeature