Export (0) Print
Expand All

Disable-WSManCredSSP

Updated: May 8, 2014

Applies To: Windows PowerShell 4.0

Disable-WSManCredSSP

Disables Credential Security Support Provider (CredSSP) authentication on a client computer.

Syntax

Parameter Set: Default
Disable-WSManCredSSP [-Role] <String> [ <CommonParameters>]




Detailed Description

The Disable-WSManCredSPP cmdlet disables CredSSP authentication on a client or on a server computer. When CredSSP authentication is used, the user's credentials are passed to a remote computer to be authenticated. This type of authentication is designed for commands that create a remote session from within another remote session. For example, you use this type of authentication if you want to run a background job on a remote computer.

The cmdlet is used to disable CredSSP on the client by specifying Client in the Role parameter. The cmdlet then performs the following:

- Disables CredSSP on the client. The WS-Management setting <localhost|computername>\Client\Auth\CredSSP is set to false.

- Removes any WSMan/* setting from the Windows CredSSP policy AllowFreshCredentials on the client.

The cmdlet is used to disable CredSSP on the server by specifying Server in the Role parameter. The cmdlet then performs the following:

- Disables CredSSP on the server. The WS-Management setting <localhost|computername>\Service\Auth\CredSSP is set to false.

Caution: CredSSP authentication delegates the user's credentials from the local computer to a remote computer. This practice increases the security risk of the remote operation. If the remote computer is compromised, when credentials are passed to it, the credentials can be used to control the network session.

To disable CredSSP authentication, use the Disable-WSManCredSSP cmdlet.

Parameters

-Role<String>

Accepts one of two possible values: Client or Server. These values specify whether CredSSP should be disabled as a client or as a server.

If the cmdlet is used to disable CredSSP on the client by specifying Client in the Role parameter, then the cmdlet performs the following:

- Disables CredSSP on the client. The WS-Management setting <localhost|computername>\Client\Auth\CredSSP is set to false.

- Removes any WSMan/* setting from the Windows CredSSP policy AllowFreshCredentials on the client.

If the cmdlet is used to disable CredSSP on the server by specifying Server in the Role parameter, the cmdlet performs the following:

- Disables CredSSP on the server. The WS-Management setting <localhost|computername>\Service\Auth\CredSSP is set to false.


Aliases

none

Required?

true

Position?

1

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see  about_CommonParameters (http://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • None

    This cmdlet does not accept any input.


Outputs

The output type is the type of the objects that the cmdlet emits.

  • None

    This cmdlet does not generate any output.


Notes

  • To enable CredSSP authentication, use the Enable-WSManCredSSP cmdlet.

Examples

-------------------------- EXAMPLE 1 --------------------------

This command disables CredSSP on the client, which prevents delegation to servers.


PS C:\> Disable-WSManCredSSP -Role Client

-------------------------- EXAMPLE 2 --------------------------

This command disables CredSSP on the server, which prevents delegation from clients.


PS C:\> Disable-WSManCredSSP -Role Server

Related topics



Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft