Disable-WSManCredSSP

Disable Credential Security Service Provider (CredSSP) authentication on a client computer.

Syntax
      Disable-WSManCredSSP [-Role] string [CommonParameters]

Key
   -Role { Client | Server }
       Whether CredSSP should be disabled as a client or as a server.

       If CredSSP is disabled on the client, the WS-Management setting:
       <localhost|computername>\Client\Auth\CredSSP is set to false.
       Also removes any WSMan/* setting from the CredSSP policy AllowFreshCredentials on the client.

       If CredSSP is disabled on the server, the WS-Management setting:
       <localhost|computername>\Service\Auth\CredSSP is set to false.

When CredSSP authentication is used, the user's credentials are passed to a remote computer to be authenticated. This type of authentication is designed for commands that create a remote session from within another remote session. For example, running a background job on a remote computer.

Examples

Disable CredSSP on the client, which prevents delegation to servers:

PS C:> Disable-WSManCredSSP -Role Client

Disable CredSSP on the server, which prevents delegation from clients:

PS C:> Disable-WSManCredSSP -Role Server

“It [the Cheshire Cat] vanished quite slowly, beginning with the end of the tail, and ending with the grin, which remained some time after the rest of it had gone” ~ Lewis Carroll

Related PowerShell Cmdlets:

Enable-WSManCredSSP - Enable Credential Security Service Provider authentication


 
Copyright © 1999-2021 SS64.com
Some rights reserved