Author: admin

This policy setting is deprecated and has no effect when set to any state: Enabled Disabled or Not Configured.

This policy setting configures the maximum number of processes a remote shell is allowed to launch. If you enable this policy setting you can specify any number from 0 to 0x7FFFFFFF to set the maximum number of process per shell. Zero (0) means unlimited number of processes. If you disable or do not configure this policy setting the limit is five processes per shell.

This policy setting configures the maximum total amount of memory in megabytes that can be allocated by any active remote shell and all its child processes. Any value from 0 to 0x7FFFFFFF can be set where 0 equals unlimited memory which means the ability of remote operations to allocate memory is only limited by the available virtual memory. If you enable this policy setting the remote operation is terminated when a new allocation exceeds the specified quota. If you disable or do not configure this policy setting the value 150 is used by default.

This policy setting configures the maximum number of users able to concurrently perform remote shell operations on the system. The value can be any number from 1 to 100. If you enable this policy setting the new shell connections are rejected if they exceed the specified limit. If you disable or do not configure this policy setting the default number is five users.

This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it is automatically deleted. Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 minute) is used for smaller values. If you enable this policy setting the server will wait for the specified amount of time since the last received message from the client before terminating the open shell. If you do not configure or disable this policy setting the default value of 900000 or 15 min will be used.

This policy setting configures access to remote shells. If you enable this policy setting and set it to False new remote shell connections are rejected by the server. If you disable or do not configure this policy setting new remote shell connections are allowed.

This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service with regard to channel binding tokens. If you enable this policy setting the WinRM service uses the level specified in HardeningLevel to determine whether or not to accept a received request based on a supplied channel binding token. If you disable or do not configure this policy setting you can configure the hardening level locally on each computer. If HardeningLevel is set to Strict any request not containing a valid channel binding token is rejected. If HardeningLevel is set to Relaxed (default value) any request containing an invalid channel binding token is rejected. However a request that does not contain a channel binding token is accepted (though it is not protected from credential-forwarding attacks). If HardeningLevel is set to None all requests are accepted (though they are not protected from credential-forwarding attacks).

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts CredSSP authentication from a remote client. If you enable this policy setting the WinRM service accepts CredSSP authentication from a remote client. If you disable or do not configure this policy setting the WinRM service does not accept CredSSP authentication from a remote client.

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network. If you enable this policy setting the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting the WinRM service accepts Kerberos authentication from a remote client.

This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Negotiate authentication from a remote client. If you enable this policy setting the WinRM service does not accept Negotiate authentication from a remote client. If you disable or do not configure this policy setting the WinRM service accepts Negotiate authentication from a remote client.