Disable Credential Security Service Provider (CredSSP) authentication on a client computer.
Syntax
Disable-WSManCredSSP [-Role] string [CommonParameters]
Key
-Role { Client | Server }
Whether CredSSP should be disabled as a client or as a server.
If CredSSP is disabled on the client, the WS-Management setting:
<localhost|computername>\Client\Auth\CredSSP is set to false.
Also removes any WSMan/* setting from the CredSSP policy AllowFreshCredentials on the client.
If CredSSP is disabled on the server, the WS-Management setting:
<localhost|computername>\Service\Auth\CredSSP is set to false.
CommonParameters:
-Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
-OutBuffer -OutVariable.
When CredSSP authentication is used, the user's credentials are passed to a remote computer to be authenticated. This type of authentication is designed for commands that create a remote session from within another remote session. For example, running a background job on a remote computer.
Examples
Disable CredSSP on the client, which prevents delegation to servers:
PS C:> Disable-WSManCredSSP -Role Client
Disable CredSSP on the server, which prevents delegation from clients:
PS C:> Disable-WSManCredSSP -Role Server
“It [the Cheshire Cat] vanished quite slowly, beginning with the end of the tail, and ending with the grin, which remained some time after the rest of it had gone” ~ Lewis Carroll
Related PowerShell Cmdlets:
Enable-WSManCredSSP - Enable Credential Security Service Provider authentication