deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 12:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

add admx wrm csp

Browse Source
This commit is contained in:
Aaron Czechowski
2022-12-21 12:09:16 -08:00
parent dd8bb6497d
commit c699050692
1 changed files with 114 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

206
windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
View File

@ -1,140 +1,158 @@
--- ---
title: Policy CSP - ADMX_WindowsRemoteManagement title: ADMX_WindowsRemoteManagement Policy CSP
description: Policy CSP - ADMX_WindowsRemoteManagement description: Learn more about the ADMX_WindowsRemoteManagement Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 12/21/2022
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 12/16/2020
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_WindowsRemoteManagement-Begin -->
# Policy CSP - ADMX_WindowsRemoteManagement # Policy CSP - ADMX_WindowsRemoteManagement
> [!TIP] > [!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> >
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). > You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
> >
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!-- ADMX_WindowsRemoteManagement-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ADMX_WindowsRemoteManagement-Editable-End -->
<hr/> <!-- DisallowKerberos_1-Begin -->
## DisallowKerberos_1
<!--Policies--> <!-- DisallowKerberos_1-Applicability-Begin -->
## ADMX_WindowsRemoteManagement policies | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- DisallowKerberos_1-Applicability-End -->
<dl> <!-- DisallowKerberos_1-OmaUri-Begin -->
<dd> ```Device
<a href="#admx-windowsremotemanagement-disallowkerberos-1">ADMX_WindowsRemoteManagement/DisallowKerberos_1</a> ./Device/Vendor/MSFT/Policy/Config/ADMX_WindowsRemoteManagement/DisallowKerberos_1
</dd> ```
<dd> <!-- DisallowKerberos_1-OmaUri-End -->
<a href="#admx-windowsremotemanagement-disallowkerberos-2">ADMX_WindowsRemoteManagement/DisallowKerberos_2</a>
</dd>
</dl>
<!-- DisallowKerberos_1-Description-Begin -->
<hr/> <!-- Description-Source-ADMX -->
<!--Policy-->
<a href="" id="admx-windowsremotemanagement-disallowkerberos-1"></a>**ADMX_WindowsRemoteManagement/DisallowKerberos_1**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network. This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.
If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network.
If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.
<!-- DisallowKerberos_1-Description-End -->
<!--/Description--> <!-- DisallowKerberos_1-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- DisallowKerberos_1-Editable-End -->
<!-- DisallowKerberos_1-DFProperties-Begin -->
**Description framework properties**:
<!--ADMXBacked--> | Property name | Property value |
ADMX Info: |:--|:--|
- GP Friendly name: *Disallow Kerberos authentication* | Format | chr (string) |
- GP name: *DisallowKerberos_1* | Access Type | Add, Delete, Get, Replace |
- GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Service* <!-- DisallowKerberos_1-DFProperties-End -->
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMXBacked--> <!-- DisallowKerberos_1-AdmxBacked-Begin -->
<!--/Policy--> > [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<hr/> **ADMX mapping**:
<!--Policy--> | Name | Value |
<a href="" id="admx-windowsremotemanagement-disallowkerberos-2"></a>**ADMX_WindowsRemoteManagement/DisallowKerberos_2** |:--|:--|
| Name | DisallowKerberos |
| Friendly Name | Disallow Kerberos authentication |
| Location | Computer Configuration |
| Path | Windows Components > Windows Remote Management (WinRM) > WinRM Service |
| Registry Key Name | Software\Policies\Microsoft\Windows\WinRM\Service |
| Registry Value Name | AllowKerberos |
| ADMX File Name | WindowsRemoteManagement.admx |
<!-- DisallowKerberos_1-AdmxBacked-End -->
<!--SupportedSKUs--> <!-- DisallowKerberos_1-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- DisallowKerberos_1-Examples-End -->
|Edition|Windows 10|Windows 11| <!-- DisallowKerberos_1-End -->
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!-- DisallowKerberos_2-Begin -->
## DisallowKerberos_2
<!--/SupportedSKUs--> <!-- DisallowKerberos_2-Applicability-Begin -->
<hr/> | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- DisallowKerberos_2-Applicability-End -->
<!--Scope--> <!-- DisallowKerberos_2-OmaUri-Begin -->
[Scope](./policy-configuration-service-provider.md#policy-scope): ```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_WindowsRemoteManagement/DisallowKerberos_2
```
<!-- DisallowKerberos_2-OmaUri-End -->
> [!div class = "checklist"] <!-- DisallowKerberos_2-Description-Begin -->
> * Device <!-- Description-Source-ADMX -->
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly. This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.
If you enable this policy setting, the Windows Remote Management (WinRM) client does not use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected. If you enable this policy setting, the Windows Remote Management (WinRM) client does not use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected.
If you disable or do not configure this policy setting, the WinRM client uses the Kerberos authentication directly. If you disable or do not configure this policy setting, the WinRM client uses the Kerberos authentication directly.
<!-- DisallowKerberos_2-Description-End -->
<!--/Description--> <!-- DisallowKerberos_2-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- DisallowKerberos_2-Editable-End -->
<!-- DisallowKerberos_2-DFProperties-Begin -->
**Description framework properties**:
<!--ADMXBacked--> | Property name | Property value |
ADMX Info: |:--|:--|
- GP Friendly name: *Disallow Kerberos authentication* | Format | chr (string) |
- GP name: *DisallowKerberos_2* | Access Type | Add, Delete, Get, Replace |
- GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Client* <!-- DisallowKerberos_2-DFProperties-End -->
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMXBacked--> <!-- DisallowKerberos_2-AdmxBacked-Begin -->
<!--/Policy--> > [!TIP]
<hr/> > This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | DisallowKerberos |
| Friendly Name | Disallow Kerberos authentication |
| Location | Computer Configuration |
| Path | Windows Components > Windows Remote Management (WinRM) > WinRM Client |
| Registry Key Name | Software\Policies\Microsoft\Windows\WinRM\Client |
| Registry Value Name | AllowKerberos |
| ADMX File Name | WindowsRemoteManagement.admx |
<!-- DisallowKerberos_2-AdmxBacked-End -->
<!--/Policies--> <!-- DisallowKerberos_2-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- DisallowKerberos_2-Examples-End -->
<!-- DisallowKerberos_2-End -->
<!-- ADMX_WindowsRemoteManagement-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_WindowsRemoteManagement-CspMoreInfo-End -->
<!-- ADMX_WindowsRemoteManagement-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)