RequireSignOrSeal

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Data type    Range    Default value
REG_DWORD    0 | 1    0

Description

Specifies whether the system requires that all secure channel communications be either signed or sealed.

The security specifications for secure channel traffic are determined jointly by the value of this entry and the values of the RequireStrongKey, SignSecureChannel, and SealSecureChannel entries.

Value    Meaning
0        Channel traffic need not be signed or sealed. Instead, the security of channel traffic is negotiated with the domain controller. System preferences in the negotiation of traffic security are determined by the values of SignSecureChannel and SealSecureChannel.
1        Outgoing traffic on a secure channel must be either signed or sealed. If the domain controller on the other side of the channel does not support signing or sealing, the system refuses to establish a channel. If the value of SealSecureChannel is 1, traffic must be encrypted; otherwise, it must be signed.

Notes

  • The value of this entry should be set to 1 only when all of the trusted domains support signed and sealed communications.

  • Windows Server 2003 adds this entry to the registry when you install the system for the first time or when you change the default value. This entry might not appear in the registry, for example, if you upgrade to Windows Server 2003 from a system running Windows NT 4.0 that does not define this entry. If this entry does not appear in the registry, the system behaves as though the value is 0.
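
The following Python example is added here and is not Microsoft's code: it parses `reg query` output for the key above and reports the outbound secure channel requirement as this page describes it, including the case where the entry is absent. The sample output is constructed, the function names and result labels are hypothetical, and a missing SealSecureChannel is reported separately because this page does not state that entry's default.

```python
import re

# Constructed `reg query` output for
# HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters (not from a real host).
SAMPLE_ENFORCED = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    RequireSignOrSeal    REG_DWORD    0x1
    SealSecureChannel    REG_DWORD    0x1
    SignSecureChannel    REG_DWORD    0x1
"""
# Constructed: a host where RequireSignOrSeal was never written, as after an upgrade.
SAMPLE_UPGRADED = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    SealSecureChannel    REG_DWORD    0x1
    SignSecureChannel    REG_DWORD    0x1
"""

DWORD_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9A-Fa-f]+)\s*$")


def parse_dwords(reg_query_text):
    """Return {lowercased value name: int} for every REG_DWORD line."""
    values = {}
    for line in reg_query_text.splitlines():
        match = DWORD_LINE.match(line)
        if match:
            # Registry value names are case-insensitive, so normalise them.
            values[match.group(1).lower()] = int(match.group(2), 16)
    return values


def outbound_policy(values):
    """Classify the outbound secure channel requirement (labels are hypothetical)."""
    require = values.get("requiresignorseal", 0)  # absent entry behaves as 0
    if require not in (0, 1):
        return "invalid"                    # outside the documented range 0 | 1
    if require == 0:
        return "negotiated"                 # signing/sealing not required
    seal = values.get("sealsecurechannel")
    if seal is None:
        return "signed-or-sealed-required"  # default of SealSecureChannel not on this page
    return "sealed-required" if seal == 1 else "signed-required"


if __name__ == "__main__":
    for name, text in (("enforced", SAMPLE_ENFORCED), ("upgraded", SAMPLE_UPGRADED)):
        print(name, outbound_policy(parse_dwords(text)))
```

A host that reports "negotiated" accepts whatever the domain controller agrees to, so it is the result to flag when auditing for enforced signing or sealing.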

See Also

Concepts

SignSecureChannel
SealSecureChannel