deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
Meghana Athavale 9cae11bee2 Updated
2021-09-27 12:59:45 +05:30

4.3 KiB
Raw Blame History

title, description, ms.author, ms.localizationpriority, ms.topic, ms.prod, ms.technology, author, ms.date, ms.reviewer, manager
title description ms.author ms.localizationpriority ms.topic ms.prod ms.technology author ms.date ms.reviewer manager
Policy CSP - ADMX_WindowsRemoteManagement Policy CSP - ADMX_WindowsRemoteManagement dansimp medium article w10 windows manikadhiman 12/16/2020 dansimp

Policy CSP - ADMX_WindowsRemoteManagement

Tip

These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX_WindowsRemoteManagement policies

ADMX_WindowsRemoteManagement/DisallowKerberos_1
ADMX_WindowsRemoteManagement/DisallowKerberos_2

ADMX_WindowsRemoteManagement/DisallowKerberos_1

Edition Windows 10 Windows 11
Home No No
Pro No No
Business No No
Enterprise Yes Yes
Education Yes Yes

Scope:

[!div class = "checklist"]

  • Device

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.

If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.

ADMX Info:

  • GP Friendly name: Disallow Kerberos authentication
  • GP name: DisallowKerberos_1
  • GP path: Windows Components\Windows Remote Management (WinRM)\WinRM Service
  • GP ADMX file name: WindowsRemoteManagement.admx

ADMX_WindowsRemoteManagement/DisallowKerberos_2

Edition Windows 10 Windows 11
Home No No
Pro No No
Business No No
Enterprise Yes Yes
Education Yes Yes

Scope:

[!div class = "checklist"]

  • Device

This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.

If you enable this policy setting, the Windows Remote Management (WinRM) client does not use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected.

If you disable or do not configure this policy setting, the WinRM client uses the Kerberos authentication directly.

ADMX Info:

  • GP Friendly name: Disallow Kerberos authentication
  • GP name: DisallowKerberos_2
  • GP path: Windows Components\Windows Remote Management (WinRM)\WinRM Client
  • GP ADMX file name: WindowsRemoteManagement.admx