Disable WSManCredSSP - PowerShell


Disable-WSManCredSSP disables CredSSP (Credential Security Support Provider) authentication in Windows Server Manager (WS-Management). CredSSP is used to securely delegate user credentials for remote access and authentication. Disabling CredSSP can enhance security measures by eliminating a potential attack vector.


Disable-WSManCredSSP [-Name] <string> [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]


  • -Name: The name of the WS-Management service to disable CredSSP for.
  • -Force: Suppresses the confirmation prompt and forces the command to execute.
  • -WhatIf: Displays what would have happened if the command had been executed without actually making any changes.
  • -Confirm: Prompts for confirmation before executing the command.


Example 1: Disable CredSSP for the Default WS-Management Service


Example 2: Disable CredSSP for a Specific WS-Management Service

Disable-WSManCredSSP -Name "MyWSManService"

Example 3: Disable CredSSP with Force and Confirmation

Disable-WSManCredSSP -Force -Confirm

Common Issues

  • Error: Disable-WSManCredSSP: The CredSSP authentication mechanism is not enabled.

    • Solution: CredSSP may already be disabled. Check if it is enabled using the “Get-WSManCredSSP” command.
  • Error: Disable-WSManCredSSP: The WS-Management service is not running.

    • Solution: Start the WS-Management service using the “Start-Service WinRM” command.


Disable-WSManCredSSP can be used in conjunction with other PowerShell commands to strengthen security and manage remote access configurations. For instance:

Get-WSManCredSSP -Name "MyWSManService" | Where-Object {$_.Enabled -eq $True} | Disable-WSManCredSSP

This command disables CredSSP for any WS-Management service that is currently enabled.

  • Enable-WSManCredSSP: Enables CredSSP authentication for WS-Management.
  • Get-WSManCredSSP: Retrieves information about CredSSP settings for WS-Management services.
  • Set-WSManCredSSP: Modifies CredSSP settings for WS-Management services.