Domain member: Digitally encrypt or sign secure channel data (always)
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Description
Determines whether a secure channel can be established with a domain controller that is not capable of signing or encrypting all secure channel traffic. If this setting is enabled, a secure channel cannot be established with any domain controller that cannot sign or encrypt all secure channel data. If this setting is disabled, a secure channel can be established, but the level of encryption and signing is negotiated.
Default: Disabled.
Important
| • | For you to enable this setting on a member workstation or server, all domain controllers in the domain that the member belongs to must be capable of signing or encrypting all secure channel data. This means that all such domain controllers must be running Windows NT 4.0 with Service Pack 4 or higher. |
| • | For you to enable this setting on a domain controller, all domain controllers in all trusting and trusted domains must be capable of signing or encrypting all secure channel data. This means that all such domain controllers must be running Windows NT 4.0 with Service Pack 4 or higher. |
| • | If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is automatically enabled. |
For more information, see:
| • |
