Authentication Command

The Authentication command changes the network authentication protocol that a website for Team Foundation Server (TFS) uses.


  • You must be a member of the Team Foundation Administrators security group on the application-tier server.

  • If you use the siteType option, you must be an administrator on the application-tier server or the proxy server.

  • Even if you are logged on with administrative credentials, you must open an elevated Command Prompt.

TFSConfig Authentication [/provider:NTLM|Negotiate] [/viewAll] [/siteType:ApplicationTier|Proxy] 




NTLM: Use with the /provider option to specify the NTLM authentication protocol.

Negotiate: Use with the /provider option to specify the Negotiate (Kerberos) authentication protocol.

/viewAll: Displays the current authentication settings for TFS.

/provider: Specifies the authentication provider you want to configure for the website.

/siteType: Specifies the website whose network authentication protocol you want to change.

If you do not specify a name, the application tier for TFS is changed. If you specify the proxy switch, Team Foundation Server Proxy is changed.

The Authentication command is used by an administrator who wants to change the network authentication protocol for one or more websites on which TFS relies. The administrator runs this command from the application tier to update those websites that require a change in their network authentication protocol. The command changes the NTAuthenticationProviders property in the IIS metabase.

Important

Before you use the Authentication command to change the authentication protocol, you should run the command with the /viewAll option to view the existing settings.

The following example displays the current value that is assigned for the network authentication protocol.

>TFSConfig Authentication /viewAll
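
The view-before-change procedure recommended above, as an added PowerShell example that is not part of the original documentation. It uses only the options listed on this page. The script parameters, the record file names, the assumption that TFSConfig.exe is on the PATH, and the assumption that it returns a non-zero exit code on failure are all hypothetical.

```powershell
# Added example: record the current settings, change the provider, then verify.
# Assumption: TFSConfig.exe is reachable via $TfsConfig (hypothetical default: on PATH).
param(
    [ValidateSet('NTLM', 'Negotiate')]
    [string]$Provider = 'Negotiate',
    [ValidateSet('ApplicationTier', 'Proxy')]
    [string]$SiteType = 'ApplicationTier',
    [string]$TfsConfig = 'TFSConfig.exe',
    [string]$RecordDir = $PWD.Path
)

# The command must run elevated, even under an administrative account.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated session.'
}

# Runs /viewAll and saves the raw output to a timestamped file. The output is
# kept verbatim and not parsed, because its format is not described on this page.
function Save-AuthSettings([string]$Label) {
    $name = 'tfs-auth-{0}-{1:yyyyMMdd-HHmmss}.txt' -f $Label, (Get-Date)
    $file = Join-Path $RecordDir $name
    $out  = & $TfsConfig Authentication /viewAll 2>&1
    # Assumption: a non-zero exit code signals failure.
    if ($LASTEXITCODE -ne 0) { throw "TFSConfig /viewAll failed: $out" }
    $out | Set-Content -Path $file
    Write-Host "Saved '$Label' settings to $file"
}

# 1. Keep a record of the existing settings so the change can be reverted.
Save-AuthSettings 'before'

# 2. Apply the new provider to the selected website.
& $TfsConfig Authentication "/provider:$Provider" "/siteType:$SiteType"
if ($LASTEXITCODE -ne 0) {
    throw "TFSConfig Authentication /provider:$Provider failed; see the 'before' record."
}

# 3. Capture the resulting settings for comparison with the 'before' record.
Save-AuthSettings 'after'
```

Comparing the two saved files shows whether the provider changed on the intended website, and the "before" file records the value to restore if clients can no longer authenticate.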
