Domain member: Require strong (Windows 2000 or later) session key

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Description

Determines whether a secure channel can be established with a domain controller that is not capable of encrypting secure channel traffic with a strong (128-bit) session key. If this setting is enabled, a secure channel is not established with any domain controller that cannot encrypt secure channel data with a strong key. If this setting is disabled, 64-bit session keys are tolerated.

Default: Disabled.

 Important

To enable this setting on a member workstation or server, all domain controllers in the domain that the member belongs to must be capable of encrypting secure channel data with a strong (128-bit) key. This means that all such domain controllers must be running Windows 2000.

To enable this setting on a domain controller, all domain controllers in all trusting and trusted domains must be capable of encrypting secure channel data with a strong (128-bit) key. This means that all such domain controllers must be running Windows 2000.

For more information, see:

Security Configuration Manager Tools


Top of pageTop of page