RequireStrongKey
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
| Data type | Range | Default value |
|---|---|---|
REG_DWORD |
0 | 1 |
0 |
Description
Specifies whether the system requires that all secure channel keys be computed using a strong key. If it does, then the trusted domain controller on the other side of the channel must be able to compute strong keys. For public, non-exportable keys, a strong key is one that is 128 bytes or longer.
All secure channels have keys. The keys are used for authentication, signing, or encryption, depending on the capability and requirements of the systems.
| Value | Meaning |
|---|---|
0 |
The system does not require that the trusted domain controller be able to compute a strong key. |
1 |
The system requires that the trusted domain controller be able to compute a strong key. If the domain controller on the other side of the channel does not support strong key encryption, this system refuses to establish a channel. |
This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.
Note
- This entry should be set to 1 only when all of the trusted domains are able to compute strong keys.