Authentication Command

Article
02/04/2013

Use the Authentication command to change the network authentication protocol that a Web site for Team Foundation uses.

Important

By default, both Negotiate and NTLM are enabled in Internet Information Services (IIS) 6.0. Windows SharePoint Services 2.0 supports only Integrated Windows authentication (NTLM) protocol for network authentication. Users might not be able to access Web sites for Team Foundation if Kerberos authentication (Negotiate) is enabled.

Required Permissions

To use the Authentication command, you must be a member of the Team Foundation Administrators security group on the application-tier server for Team Foundation If you use the /proxy option, you must be an administrator on the application-tier server for Team Foundation or the proxy server. For more information, see Team Foundation Server Permissions.

Note

Even if you are logged on with administrative credentials, you must open an elevated Command Prompt to perform this function on a server that is running Windows Server 2008. To open an elevated Command Prompt, click Start, right-click Command Prompt, and click Run as Administrator. For more information, see the Microsoft Web site.

TFSAdminUtil Authentication [/provider:NTLM|Negotiate] [/proxy] [/view] [/site:WebSiteName]

Parameters

Argument	Description
NTLM	Use with the /provider option to specify the NTLM authentication protocol.
Negotiate	Use with the /provider option to specify the Negotiate (Kerberos) authentication protocol.
WebSiteName	Use to specify the Web site whose authentication protocol you want to change.

Option	Description
/view	Displays the current authentication settings for Team Foundation Server.
/proxy	Runs the command for the Web site on the computer that is running Team Foundation Server Proxy.
/site	Specifies the Web site whose network authentication protocol you want to change. If you do not specify a name, Team Foundation Server is used. If you specify the proxy switch, Team Foundation Server Proxy is used.

/view

Displays the current authentication settings for Team Foundation Server.

/proxy

Runs the command for the Web site on the computer that is running Team Foundation Server Proxy.

/site

Specifies the Web site whose network authentication protocol you want to change.

If you do not specify a name, Team Foundation Server is used. If you specify the proxy switch, Team Foundation Server Proxy is used.

Remarks

The Authentication command is used by an administrator who wants to change the network authentication protocol for one or more Web sites on which Team Foundation relies. The administrator runs this command from the application tier to update those Web sites that require a change in their network authentication protocol. The command changes the NTAuthenticationProviders property in the IIS metabase.

Important

Before you use the Authentication command to change the authentication protocol, you should run the command with the /view option to view the existing settings.

Example

The following example displays the current value that is assigned for the network authentication protocol.

>TFSAdminUtil Authentication /view

Authentication Command

Parameters

Remarks

Example

See Also

Other Resources

Additional resources