How to remove NEGOTIATE from IIS Windows Authentication
Published Nov 16 2018 06:59 AM 2,404 Views
First published on MSDN on Mar 26, 2018
I was assisting a customer just the other day who was having a dejavu of removing Negotiate from IIS Windows Authentication. After clicking the "Remove" button, if he restarted the machine, the Negotiate would reappear!

This is because the setting is by default locked. You need to do from the IIS Configuration Editor.

Here is how to do it:

Open IIS Manager (just type inetmgr.exe on your Start--->Run)

Select "Configuration Editor" under management

Change the Section to system.webServer/security/authentication/windowsAuthentication

Click on the providers item, and then click Edit Items on the right. Select the "Negotiate" item and click "Remove":

Click Apply

Alternately, you can do it from the command line as follows:
appcmd.exe set config "Virtual/path/to/application" -section:system.webServer/security/authentication/windowsAuthentication /-"providers.[value='Negotiate']" /commit:apphost
Version history
Last update:
‎Nov 16 2018 06:59 AM
Updated by: