Domain member: Digitally encrypt secure channel data (when possible)

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Description

If this setting is enabled, it ensures that all secure channel traffic is encrypted if the partner domain controller is also capable of encrypting all secure channel traffic.

Default: Enabled.

 Important

There is no known reason for disabling this setting. Besides unnecessarily reducing the potential confidentiality level of the secure channel, disabling this setting may unnecessarily reduce secure channel throughput, because concurrent API calls that use the secure channel are only possible when the secure channel is signed or encrypted.

For more information, see:

Security Configuration Manager Tools


Top of pageTop of page