Export (0) Print
Expand All

Disable-WSManCredSSP

Disable-WSManCredSSP

Disables CredSSP authentication on a computer.

Syntax

Parameter Set: Default
Disable-WSManCredSSP [-Role] <String> [ <CommonParameters>]




Detailed Description

The Disable-WSManCredSSP cmdlet disables Credential Security Support Provider (CredSSP) authentication on a client or on a server computer. When CredSSP authentication is used, the user credentials are passed to a remote computer to be authenticated.

Use this cmdlet to disable CredSSP on the client by specifying Client in the Role parameter. This cmdlet performs the following actions:

-- Disables CredSSP on the client. This cmdlet sets the WS-Management setting <localhost|computername>\Client\Auth\CredSSP to false.

-- Removes any WSMan/* setting from the Windows CredSSP policy AllowFreshCredentials on the client.

Use this cmdlet to disable CredSSP on the server by specifying Server in Role. This cmdlet performs the following action:

- Disables CredSSP on the server. This cmdlet sets the WS-Management setting <localhost|computername>\Service\Auth\CredSSP to false.

Caution: CredSSP authentication delegates the user credentials from the local computer to a remote computer. This practice increases the security risk of the remote operation. If the remote computer is compromised, when credentials are passed to it, the credentials can be used to control the network session.

Parameters

-Role<String>

Specifies whether to disable CredSSP as a client or as a server. The acceptable values for this parameter are: Client and Server.

If you specify Client, this cmdlet performs the following actions:

-- Disables CredSSP on the client. This cmdlet sets WS-Management setting <localhost|computername>\Client\Auth\CredSSP to false.

-- Removes any WSMan/* setting from the Windows CredSSP policy AllowFreshCredentials on the client.

If you specify Server, this cmdlet performs the following action:

-- Disables CredSSP on the server. This cmdlet sets the WS-Management setting <localhost|computername>\Service\Auth\CredSSP to false.


Aliases

none

Required?

true

Position?

1

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see    about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • None

    This cmdlet does not accept any input.


Outputs

The output type is the type of the objects that the cmdlet emits.

  • None

    This cmdlet does not generate any output.


Notes

Examples

Example 1: Disable CredSSP on a client

This command disables CredSSP on the client, which prevents delegation to servers.


PS C:\> Disable-WSManCredSSP -Role Client

Example 2: Disable CredSSP on a server

This command disables CredSSP on the server, which prevents delegation from clients.


PS C:\> Disable-WSManCredSSP -Role Server

Related topics

Community Additions

ADD
Show:
© 2016 Microsoft