Disallow Kerberos authentication (WinRM Server)ID: oval:org.secpod.oval:def:19095 | Date: (C)2014-05-29 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
The Disallow Kerberos authentication machine setting should be configured correctly for the WinRM service.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not accept Kerberos credentials over the network. If you enable this policy setting, the WinRM service will not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, then the WinRM service will accept Kerberos authentication from a remote client.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Disallow Kerberos authentication
(2) KEY: HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\AllowKerberos
Platform: |
Microsoft Windows Server 2008 R2 |