SealSecureChannel
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Data type |
Range |
Default value |
|---|---|---|
REG_DWORD |
0 | 1 |
1 |
Description
Determines whether outgoing secure channel traffic is encrypted (sealed).
Channel traffic security is determined jointly by the value of this entry and the values of the RequireStrongKeyrequiresignorseal and signsecurechannel entries.
When requiresignorseal is set to 1, sealsecurechannel determines whether encryption (sealing) is required for a secure channel. When requiresignorseal is set to 0, sealsecurechannel specifies this system's preferences when negotiating with the domain controller on the other side of the channel. Also, because encryption is more secure than signing, when the value of this entry is 1, it takes precedence over the value of signsecurechannel .
Value |
Meaning |
|---|---|
0 |
Outgoing traffic on a secure channel need not be encrypted. However, if the value of signsecurechannel is 1, outgoing traffic must be signed. |
1 |
Outgoing traffic on a secure channel must be encrypted. This specification is enforced when the value of requiresignorseal is 1. |
.gif)
Note
Windows 2000 adds this entry to the registry when you install the system for the first time or when you change the default value. If you upgrade from Windows NT 4.0 or earlier, the entry does not appear in the registry, but it is still in effect on your system.
Related Entries
.gif)