Disallow Kerberos authentication

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.

If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network.

If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.


Supported on: At least Windows Vista
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\Windows\WinRM\Service
Value NameAllowKerberos
Value TypeREG_DWORD
Enabled Value0
Disabled Value1

windowsremotemanagement.admx

Administrative Templates (Computers)

Administrative Templates (Users)