diff --git a/scripts/deploy-ftp.ps1 b/scripts/deploy-ftp.ps1
index 21c54e3..d794227 100644
--- a/scripts/deploy-ftp.ps1
+++ b/scripts/deploy-ftp.ps1
@@ -47,8 +47,8 @@ function Assert-Tool {
 Assert-Tool "dotnet"
 Assert-Tool $WinScpPath
 
-function Read-PlainOrPrompt([string]$Value, [string]$Prompt, [bool]$Secure = $false) {
-    if ($Value) { return $Value }
+function Read-PlainOrPrompt([object]$Value, [string]$Prompt, [bool]$Secure = $false) {
+    if ($Value -is [string] -and -not [string]::IsNullOrWhiteSpace($Value)) { return $Value }
     if ($Secure) {
         $pwd = Read-Host -Prompt $Prompt -AsSecureString
         $ptr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pwd)
@@ -62,6 +62,7 @@ function Read-PlainOrPrompt([string]$Value, [string]$Prompt, [bool]$Secure = $fa
 
 $FtpPassword         = Read-PlainOrPrompt $FtpPassword "FTP password" $true
 $WinRmCredentialPass = Read-PlainOrPrompt $WinRmCredentialPass "WinRM password" $true
+$WinRmAuth           = "Basic"  # Basic for local admin over HTTPS; use Default/Kerberos if joined to domain
 
 Write-Host "1) Publishing..." -ForegroundColor Cyan
 if (Test-Path $PublishDir) { Remove-Item $PublishDir -Recurse -Force -ErrorAction SilentlyContinue }
@@ -83,6 +84,7 @@ if ($RecycleAppPool) {
         }
     }
     if ($UseWinRmHttps) { $invokeParams["UseSSL"] = $true }
+    if ($WinRmAuth)     { $invokeParams["Authentication"] = $WinRmAuth }
     try {
         Invoke-Command @invokeParams
     } catch {
@@ -118,6 +120,7 @@ if ($RecycleAppPool) {
         }
     }
     if ($UseWinRmHttps) { $invokeParams["UseSSL"] = $true }
+    if ($WinRmAuth)     { $invokeParams["Authentication"] = $WinRmAuth }
     try {
         Invoke-Command @invokeParams
     } catch {