Hey Glenn
Here are the potential issues you may come across.
Tested before you put on prod.
it may require adjustments to how you establish remote PowerShell connections, provide credentials, and modify existing scripts or tools to ensure compatibility.
Unable to store RunAs credentials: When you enable the setting "Disallow WinRM from storing RunAs credentials," WinRM on the servers will no longer store the credentials used for RunAs operations. This means that you will need to provide the username and password each time you establish a remote PowerShell session or run PowerShell commands/scripts remotely using different credentials.
Limited authentication options: Enabling the setting "Disallow Digest authentication" means that the Digest authentication mechanism will be disabled for WinRM. Digest authentication provides a level of security and is commonly used, so disabling it may limit the available authentication options for remote connections. This may require you to use alternative authentication methods such as Kerberos or Negotiate.
Impact on remote PowerShell sessions: If the credentials are not stored and Digest authentication is disabled, establishing remote PowerShell sessions to other servers may require you to provide explicit credentials each time you connect. This can be cumbersome if you need to make frequent connections to different servers. You may also need to modify your PowerShell scripts to include the necessary credential prompts or handle remote connections explicitly.
Compatibility with existing scripts and tools: Any existing PowerShell scripts or tools that rely on stored credentials or use Digest authentication for WinRM connections may no longer work as expected or require modifications. Make sure to test your scripts and tools to ensure compatibility with the new settings.