Disable-SmbDelegation

Disables a constrained delegation authorization for an SMB client and server.

Syntax

Disable-SmbDelegation
       [[-SmbClient] <String>]
       [-SmbServer] <String>
       [-Force]
       [<CommonParameters>]

Description

The Disable-SmbDelegation cmdlet disables a constrained delegation authorization for a Server Message Block (SMB) client and server. Delegation allows a user who remotes into an SMB client to perform operations on a remote SMB server.

Examples

Example 1: Disable constrained delegation

PS C:\> Disable-SmbDelegation -SmbServer "FileServer01" -SmbClient "HVSVR01"

This command removes the constrained delegation authorization so that a user remotely connected to the SMB client named HVSVR01 can no longer configure resources on the SMB server named FileServer01.

Parameters

-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SmbClient

Specifies the name of the SMB client. The cmdlet disables constrained delegation authorization for the SMB client that you specify.

Type:String
Position:0
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SmbServer

Specifies the name of the SMB server. The cmdlet disables constrained delegation authorization for the SMB server you specify. If you do not specify the SmbClient parameter, the cmdlet disables constrained delegation authorization for all clients on the server.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

Notes

  • This cmdlet relies on Active Directory Windows PowerShell cmdlets to perform its actions. Before you use this cmdlet, you must install the Active Directory cmdlets. To install the Active Directory cmdlets, run the following command: Install-WindowsFeature RSAT-AD-PowerShell For more information, type Get-Help Install-WindowsFeature.

    This cmdlet only works with resource-based delegation, and the Active Directory forest must be at the Windows Server 2012 functional level. To check the functional level of the Active Directory forest, use the Get-ADForest cmdlet.