SealSecureChannel

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Data type: REG_DWORD
Range: 0 | 1
Default value: 1

Description

Specifies whether outgoing secure channel traffic is encrypted (sealed). This entry is used when negotiating the conditions of a secure channel with a domain controller. If the value of this entry is 1, and the domain controller supports this functionality, the secure channel traffic is encrypted.

Channel traffic security is determined jointly by the value of this entry and the values of the registry entries RequireStrongKey, RequireSignOrSeal, and SignSecureChannel.

Because encryption is more secure than signing, when the value of this entry is 1, it takes precedence over the value of SignSecureChannel.

Value  Meaning
0      Outgoing traffic on a secure channel should not be encrypted.
1      Outgoing traffic on a secure channel should be encrypted if the domain controller supports this functionality.

Note

  • Windows Server 2003 and Windows 2000 add this entry to the registry when you install the system for the first time or when you change the default value. If you upgrade from Windows NT 4.0 or earlier, the entry does not appear in the registry, but it is still in effect on your system.
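
The following PowerShell is an added example, not part of the original reference page: it reads the four Netlogon entries named above and reports what SealSecureChannel means for outgoing traffic, treating an absent entry as the default value 1 and applying its precedence over SignSecureChannel. The function names and the sample values are constructed for illustration.

```powershell
# Added example. Function names are hypothetical; the key path and entry names are from this page.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$EntryNames  = 'SealSecureChannel', 'SignSecureChannel', 'RequireSignOrSeal', 'RequireStrongKey'

function Get-SecureChannelSettings {
    # Returns entry name -> DWORD value, or $null when the entry is absent from the key.
    param([string]$Path = $NetlogonKey)
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop
    $settings = @{}
    foreach ($name in $EntryNames) {
        $prop = $props.PSObject.Properties[$name]
        if ($prop) { $settings[$name] = [int]$prop.Value } else { $settings[$name] = $null }
    }
    $settings
}

function Test-SealSecureChannel {
    param([hashtable]$Settings)
    $raw = $Settings['SealSecureChannel']
    # An absent entry is still in effect with its default value, 1 (see the Note above).
    if ($null -eq $raw) { $seal = 1 } else { $seal = $raw }
    if ((0, 1) -notcontains $seal) {
        $outgoing = "Out of range: SealSecureChannel = $seal (valid range is 0 | 1)"
    } elseif ($seal -eq 1) {
        # Sealing takes precedence over SignSecureChannel, whatever that entry is set to.
        $outgoing = 'Encrypted (sealed) if the domain controller supports it'
    } elseif ($Settings['SignSecureChannel'] -eq 0) {
        $outgoing = 'Not encrypted; SignSecureChannel is also 0'
    } else {
        # Assumption: signing behaviour is defined on the SignSecureChannel page, not here.
        $outgoing = 'Not encrypted; whether it is signed depends on SignSecureChannel'
    }
    New-Object PSObject -Property @{
        SealSecureChannel = $(if ($null -eq $raw) { 'absent (default 1)' } else { $raw })
        Outgoing          = $outgoing
        SealRequested     = ($seal -eq 1)
        RelatedEntries    = ($EntryNames[1..3] | ForEach-Object { "$_=$($Settings[$_])" }) -join '; '
    }
}

# Constructed sample: an upgraded host with no SealSecureChannel entry, then a weakened one.
$upgraded = @{ SealSecureChannel = $null; SignSecureChannel = 1; RequireSignOrSeal = 1; RequireStrongKey = 0 }
$weakened = @{ SealSecureChannel = 0;     SignSecureChannel = 1; RequireSignOrSeal = 0; RequireStrongKey = 0 }
$upgraded, $weakened | ForEach-Object { Test-SealSecureChannel $_ } | Format-List

# On a live system (read-only): Test-SealSecureChannel (Get-SecureChannelSettings)
```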


See Also

Concepts

RequireSignOrSeal
SignSecureChannel
RequireStrongKey