Disable-SmbDelegation
Disables a constrained delegation authorization for an SMB client and server.
Syntax
Disable-SmbDelegation
[[-SmbClient] <String>]
[-SmbServer] <String>
[-Force]
[<CommonParameters>] Description
The Disable-SmbDelegation cmdlet disables a constrained delegation authorization for a Server Message Block (SMB) client and server. Delegation allows a user who remotes into an SMB client to perform operations on a remote SMB server.
Examples
Example 1: Disable constrained delegation
PS C:\> Disable-SmbDelegation -SmbServer "FileServer01" -SmbClient "HVSVR01"This command removes the constrained delegation authorization so that a user remotely connected to the SMB client named HVSVR01 can no longer configure resources on the SMB server named FileServer01.
Parameters
-Force
Forces the command to run without asking for user confirmation.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SmbClient
Specifies the name of the SMB client. The cmdlet disables constrained delegation authorization for the SMB client that you specify.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SmbServer
Specifies the name of the SMB server. The cmdlet disables constrained delegation authorization for the SMB server you specify. If you do not specify the SmbClient parameter, the cmdlet disables constrained delegation authorization for all clients on the server.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Notes
This cmdlet relies on Active Directory Windows PowerShell cmdlets to perform its actions. Before you use this cmdlet, you must install the Active Directory cmdlets. To install the Active Directory cmdlets, run the following command:
Install-WindowsFeature RSAT-AD-PowerShellFor more information, typeGet-Help Install-WindowsFeature.This cmdlet only works with resource-based delegation, and the Active Directory forest must be at the Windows Server 2012 functional level. To check the functional level of the Active Directory forest, use the Get-ADForest cmdlet.