Domain member: Digitally sign secure channel data (when possible)
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Description
If this setting is enabled, it ensures that all secure channel traffic is signed if the partner domain controller is also capable of signing all secure channel traffic.
Default: Enabled.
Important
| • | There is no known reason for disabling this setting. Besides unnecessarily reducing the potential integrity level of the secure channel, disabling this setting may unnecessarily reduce secure channel throughput, because concurrent API calls that use the secure channel are only possible when the secure channel is signed or encrypted. |
| • | If the policy Domain member: Digitally encrypt secure channel data (when possible) is enabled, this setting is implicitly enabled. |
For more information, see:
| • |
