NtlmMinClientSec
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
NtlmMinClientSec
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
| Data type | Range | Default value |
|---|---|---|
REG_DWORD |
0x0 | 0x10 | 0x20 | 0x80000 | 0x20000000 |
0x0 |
Description
Specifies the minimum required security setting of client-side network connections for applications using the NTLM security support provider (SSP).
| Value | Meaning |
|---|---|
0x0 |
None. No security is used for authentication or session security. |
0x10 |
Message integrity. If the value of either this entry or the NtlmMinServerSec entry is 0x10, then the connection will fail unless message integrity is negotiated. |
0x20 |
Message confidentiality. If the value of either this entry or the NtlmMinServerSec entry is 0x20, then the connection will fail unless message confidentiality is negotiated. |
0x80000 |
NTLMv2 session security. If the value of either this entry or the NtlmMinServerSec entry is 0x80000, then the connection will fail unless NTLMv2 session security is negotiated. |
0x20000000 |
128-bit encryption. If the value of either this entry or the NtlmMinServerSec entry is 0x20000000, then the connection will fail unless 128-bit encryption is negotiated. |
This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.
Activation Method
You must restart Windows to make changes to this entry effective.
Note
- These settings do not guarantee that an application uses message integrity or confidentiality, even if they are negotiated. For more information, see Article Q147706 in the Microsoft Knowledge Base, or search by using the keywords LM authentication.