How to remove NEGOTIATE from IIS Windows Authentication

I was assisting a customer just the other day who was having a dejavu of removing Negotiate from IIS Windows Authentication. After clicking the "Remove" button, if he restarted the machine, the Negotiate would reappear!

This is because the setting is by default locked. You need to do from the IIS Configuration Editor.

Here is how to do it:

Open IIS Manager (just type inetmgr.exe on your Start--->Run)

Select "Configuration Editor" under management

Change the Section to system.webServer/security/authentication/windowsAuthentication

Click on the providers item, and then click Edit Items on the right. Select the "Negotiate" item and click "Remove":

Click Apply

 

Alternately, you can do it from the command line as follows:

 appcmd.exe set config "Virtual/path/to/application" -section:system.webServer/security/authentication/windowsAuthentication /-"providers.[value='Negotiate']" /commit:apphost