Policy CSP - RemoteManagement


RemoteManagement policies

RemoteManagement/AllowBasicAuthentication_Client
RemoteManagement/AllowBasicAuthentication_Service
RemoteManagement/AllowCredSSPAuthenticationClient
RemoteManagement/AllowCredSSPAuthenticationService
RemoteManagement/AllowRemoteServerManagement
RemoteManagement/AllowUnencryptedTraffic_Client
RemoteManagement/AllowUnencryptedTraffic_Service
RemoteManagement/DisallowDigestAuthentication
RemoteManagement/DisallowNegotiateAuthenticationClient
RemoteManagement/DisallowNegotiateAuthenticationService
RemoteManagement/DisallowStoringOfRunAsCredentials
RemoteManagement/SpecifyChannelBindingTokenHardeningLevel
RemoteManagement/TrustedHosts
RemoteManagement/TurnOnCompatibilityHTTPListener
RemoteManagement/TurnOnCompatibilityHTTPSListener


RemoteManagement/AllowBasicAuthentication_Client

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Allow Basic authentication
  • GP name: AllowBasic_2
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Client
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/AllowBasicAuthentication_Service

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Allow Basic authentication
  • GP name: AllowBasic_1
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Service
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/AllowCredSSPAuthenticationClient

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Allow CredSSP authentication
  • GP name: AllowCredSSP_2
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Client
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/AllowCredSSPAuthenticationService

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Allow CredSSP authentication
  • GP name: AllowCredSSP_1
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Service
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/AllowRemoteServerManagement

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Allow remote server management through WinRM
  • GP name: AllowAutoConfig
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Service
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/AllowUnencryptedTraffic_Client

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Allow unencrypted traffic
  • GP name: AllowUnencrypted_2
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Client
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/AllowUnencryptedTraffic_Service

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Allow unencrypted traffic
  • GP name: AllowUnencrypted_1
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Service
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/DisallowDigestAuthentication

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Disallow Digest authentication
  • GP name: DisallowDigest
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Client
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/DisallowNegotiateAuthenticationClient

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Disallow Negotiate authentication
  • GP name: DisallowNegotiate_2
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Client
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/DisallowNegotiateAuthenticationService

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Disallow Negotiate authentication
  • GP name: DisallowNegotiate_1
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Service
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/DisallowStoringOfRunAsCredentials

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Disallow WinRM from storing RunAs credentials
  • GP name: DisableRunAs
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Service
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/SpecifyChannelBindingTokenHardeningLevel

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Specify channel binding token hardening level
  • GP name: CBTHardeningLevel_1
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Service
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/TrustedHosts

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Trusted Hosts
  • GP name: TrustedHosts
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Client
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/TurnOnCompatibilityHTTPListener

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Turn On Compatibility HTTP Listener
  • GP name: HttpCompatibilityListener
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Service
  • GP ADMX file name: WindowsRemoteManagement.admx


RemoteManagement/TurnOnCompatibilityHTTPSListener

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Turn On Compatibility HTTPS Listener
  • GP name: HttpsCompatibilityListener
  • GP path: Windows Components/Windows Remote Management (WinRM)/WinRM Service
  • GP ADMX file name: WindowsRemoteManagement.admx

Footnote:

  • 1 - Added in Windows 10, version 1607.
  • 2 - Added in Windows 10, version 1703.
  • 3 - Added in Windows 10, version 1709.