Disables CredSSP authentication on a computer.
Disable-WSManCredSSP [-Role*] <String> [<CommonParameters>]
The Disable-WSManCredSSP cmdlet disables Credential Security Support Provider (CredSSP) authentication on a client or on a server computer. When CredSSP authentication is used, the user credentials are passed to a remote computer to be authenticated.
Use this cmdlet to disable CredSSP on the client by specifying Client in the Role parameter. This cmdlet performs the following actions:
— Disables CredSSP on the client. This cmdlet sets the WS-Management setting
ClientAuthCredSSP to false.
— Removes any WSMan/* setting from the Windows CredSSP policy AllowFreshCredentials on the client.
Use this cmdlet to disable CredSSP on the server by specifying Server in Role. This cmdlet performs the following action:
– Disables CredSSP on the server. This cmdlet sets the WS-Management setting
ServiceAuthCredSSP to false.
Caution: CredSSP authentication delegates the user credentials from the local computer to a remote computer. This practice increases the security risk of the remote operation. If the remote computer is compromised, when credentials are passed to it, the credentials can be used to control the network session.
This cmdlet does not accept any input.
This cmdlet does not generate any output.
- Disable CredSSP on a client:
PS C:> Disable-WSManCredSSP -Role Client
This command disables CredSSP on the client, which prevents delegation to servers.
- Disable CredSSP on a server:
PS C:> Disable-WSManCredSSP -Role Server
This command disables CredSSP on the server, which prevents delegation from clients.
To enable CredSSP authentication, use the Enable-WSManCredSSP cmdlet.